Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Anyone have experience setting up an email provider platform?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Anyone have experience setting up an email provider platform?

JonchunJonchun Member
edited March 2015 in General

Hello,

I'm interested in providing some email hosting, but would like to consult with someone (either free or paid) before even attempting this project. If anyone has experience with setting up an email service (similar to gmail), please respond! Here's what I'm looking for.

I want to set up an email service focusing on catchall addresses. (I THINK I've seen another website do it, but it doesn't seem to be too popular so I figure I could give it a shot) If someone could link me to the service I've seen doing it, that would be great. I have no idea where I saw it and I can't find it.

Target Audience:

  • Personal Use/General Audience who are interested in tracking who has their email. For example, if I want to sign up for LET, I use the email [email protected] (or custom domain). If I want to sign up for a Vons membership, I use [email protected].

Pros:

  • Allows you to easily see what companies are selling/sharing your information
  • Allows you to easily block a specific email so you no longer receive it. If I find out Hostwinds has my email, I can just block the email they obtained and report them to spam agencies.
  • It's cool? Giving people personalized email addresses could be cool.
  • Could have prioritized inboxes, with specified emails having higher priority, etc.

Cons:

  • Spammers will often guess random things like [email protected] in order to try getting a valid email. A catchall domain will catch those emails as well
  • Requires you to be a little more "hands-on" with your email. Not for all consumers. Must be somewhat tech-knowledgeable
  • Will cost a little bit more to set up a customized platform

Sending:

  • Email sending will be done through a 3rd party like mandrill/sendgrid. I realize this is expensive, but I figure this is probably the most reliable way to get best delivery.
  • Setting up my own solution may not be a bad idea either

Receiving: This is what I want the most consulting/help with

  • Needs to support catchall
  • Needs to be able to blacklist emails from catchall
  • Needs to support dynamic subdomains

Webmail:

  • Considering using RainLoop and modifying it.
  • Still haven't put too much thought into this one

DNS

  • Not sure if it should be self-hosted or not. Thoughts?
  • Needs to support dynamic subdomains

Obviously there's a lot more to be discussed/planned, but I just listed a basic outline of what I feel would be a helpful service. If anyone has experience with something similar perhaps @Jar with mxroute? it would be great to see any concerns/comments as well as help.

And finally, I hate that I have to put this sentence here, but this is LET so: If you do not have substantial experience with a similar system (with proof), don't expect me to take you seriously. I don't mind paying for consulting, but if you're going to pull a (weknowwho) and say "pm me for pricing i can do this for you", I'm not interested.

«1

Comments

  • VPNshVPNsh Member, Host Rep

    Interesting topic of discussion. I'd be keen to watch your progress with this.

  • @liamwithers said:
    Interesting topic of discussion. I'd be keen to watch your progress with this.

    I'm excited to see where this goes as well. Good to see others like the idea as well. I know catch-all emails aren't a new concept, but a service that makes it easy to sign up for and is free/cheap (and works well) would definitely be a gamechanger.

  • VPNshVPNsh Member, Host Rep

    @Jonchun, not sure if it'd be a game-changer as such, but there's certainly a market for something like this. If implemented well, it would be interesting to see what level of interest is there, however it's a fairly niche market that may take some time to gain some real exposure.

    I assume you'd be able to fund this properly in the event that it takes a while to gain users/any real revenue?

  • @liamwithers said:
    Jonchun, not sure if it'd be a game-changer as such, but there's certainly a market for something like this. If implemented well, it would be interesting to see what level of interest is there, however it's a fairly niche market that may take some time to gain some real exposure.

    I assume you'd be able to fund this properly in the event that it takes a while to gain users/any real revenue?

    Right. What I mean by "game-changer" is it may have potential to stop being such a "niche" market. Similar to how "everybody" knows what bitcoins are even if they don't use them.

    And yes, I would be funding this even without revenue for a while.

    Thanked by 1VPNsh
  • VPNshVPNsh Member, Host Rep

    @Jonchun I see. Well I wish you luck with the project, and hope that you see it through! I'll happily come along and test when you're at that stage. I have a couple of use cases for this that could be useful - although for most scenarios, MXroute and GApps (eww, Google - right?) work just fine for me.

    Thanked by 1jar
  • raindog308raindog308 Administrator, Veteran

    said: I want to set up an email service focusing on catchall addresses. (I THINK I've seen another website do it, but it doesn't seem to be too popular so I figure I could give it a shot) If someone could link me to the service I've seen doing it, that would be great. I have no idea where I saw it and I can't find it.

    This is sort of what Mailinator does. Pick any email address from one of their 100-odd domains (or use your own) and give it out. You don't have to preregister it with them. Good for disposable stuff. It is cleaned out regularly although if you google for "disposable email" you'll see there are a zillion people doing this with various levels of retention, pay-for-retention, etc.

    @Jar 's mxroute.com allows catchall as part of their standard service. You sign up with the domain, and you can create as many aliases as you want and route catchall however you want. It's all done in their web panel.

    Thanked by 2Jonchun jar
  • 4n0nx4n0nx Member

    Postfix supports this out of the box. Just add MySQL and use wildcard DNS, done. Use the panel of your choice, just add a MySQL query possibility to add stuff to recipient_access and virtual_domains and virtual_users in the database.

    I have not used recipient_access in a database, but it should work just like virtual_domains etc. .

    Thanked by 1Jonchun
  • @raindog308 said:

    Well the difference between this and a disposable email address would be that it's meant to be a personal (permanent) email address. A disposable email isn't any good for registering for services that you plan to use long-term. (it will not only be hard to remember them all, but it will be "shared" with other people). I guess there is the whole pay-for-retention thing, but see below as to what I (want).

    I didn't know MxRoute has catch-all as part of their service as it doesn't seem to be advertised much. I'll have to look at it more and see how it works. I guess my vision is a little different from MxRoute's email hosting though. The service I'm envisioning is closer to Gmail/Hotmail than it is to MxRoute. Just after signup, instead of using [email protected], you use *@raindog308.gmail.com (with custom domain options of course)

    @4n0nx
    Ah that's good to know. I haven't done too much research into this, but it's good to see it would be supported ootb by postfix.

  • zedzed Member

    Are you envisioning a paid service? What's the value-add why I'd use your service vs. [email protected] (for example)?

  • raindog308raindog308 Administrator, Veteran

    Jonchun said: I didn't know MxRoute has catch-all as part of their service as it doesn't seem to be advertised much. I'll have to look at it more and see how it works. I guess my vision is a little different from MxRoute's email hosting though. The service I'm envisioning is closer to Gmail/Hotmail than it is to MxRoute. Just after signup, instead of using [email protected], you use *@raindog308.gmail.com (with custom domain options of course)

    mxroute's service is pretty much the same as, say, GMail's (leaving out the fact that with GMail you pay per user). You setup your domain with mxroute and, assuming you select an unlimited package, can setup as many mailboxes as you want. If you additionally want to create a catchall alias that routes everything else to one of them, you can do that.

    You're right that mxroute doesn't offer a subdomain or account on some domain they own - just custom domains.

    Thanked by 1jar
  • @zed said:
    Are you envisioning a paid service? What's the value-add why I'd use your service vs. [email protected] (for example)?

    The value would be aesthetic + the bonus of not having email read for ad targeting. (which a lot of people dislike with gmail)
    I realize aesthetics sounds like a poor reason, but if you had to choose, I'm sure you would prefer [email protected] over [email protected]. Of course, there's pros and cons of using a big service like gmail vs a service like the one I'm looking to start, but that would be up to the end user to decide. (and my marketing team to figure out :P)

    As of right now, you pretty much have to do a little bit of research into buying your own domain, pointing it to the right nameservers/setting your own mx records/etc.

    I'm envisioning a free service with paid upgrades. (and a fluid domain registration implementation so that regular consumers can get custom email domains as well just by typing in their card details.)

    @raindog308
    I think you're confusing gmail with googleapps. I'd say Mxroute is closer to gapps (without as many apps of course). As mentioned before, I want the signup process to be closer to a free email provider like gmail/hotmail and NOT focused on providing email accounts for custom domains. The custom domain part would be an option after signup. I guess it was my fault for using gmail as an example, but hopefully I made myself clear now.

    Thanked by 1raindog308
  • agoldenbergagoldenberg Member, Host Rep

    I believe @jar has some expertise in this area :)

    Thanked by 1jar
  • raindog308raindog308 Administrator, Veteran

    Jonchun said: I think you're confusing gmail with googleapps. I'd say Mxroute is closer to gapps

    Yes.

    You should also consider

    • if you are going to support IMAP/POP
    • if you're going to do any kind of anti-spam
    • if you're going to do any kind of anti-virus

    I would think all of those would be required. IMAP/POP for mobile users (and desktop client people), and anti-spam/anti-virus because it's just become part of doing mail servers.

  • jarjar Patron Provider, Top Host, Veteran
    edited March 2015

    said: Spammers will often guess random things like [email protected] in order to try getting a valid email. A catchall domain will catch those emails as well

    Boy do they. Once you find yourself a victim of one of these attacks it only gets worse too. I've got many clients who have no idea that I fight off 400-500 spam e-mails per day purely on the fact that addresses like [email protected] fail because they have no catchall. It's only a dice roll between anyone with a catchall and this problem. Content filters are key there I suppose.

    What can I do for you? Happy to help. I don't have a lot of free time right now but happy to squeeze in some answers if I have any knowledge that can benefit someone else.

  • @Jonchun said:

    Cons:

    This was definitely the case until a while back but in the last 2 years I have yet to see a spam email coming to the usual suspects postmaster@, webmaster@, abuse@ etc. Not even an attempt of VRFY to these addresses.

    It may be that honeypots exist on these addresses and get aded into RBLs, I'm not sure.

    I may be an isolated case though, anyone else have noticed one way or the other?

  • @4n0nx said:
    Postfix supports this out of the box. Just add MySQL and use wildcard DNS, done.

    Wildcard DNS works only for incoming mail, for outgoing there will be issues with DKIM signing as it will get confused with SPF (DNS wildcard will match) and in the official docs they clearly say not to use wildcard DNS.

    I wanted to make some wildcard DNS on my domain but I need to be able to send as well ..

    Thanked by 14n0nx
  • JonchunJonchun Member
    edited March 2015

    @raindog308 said:

    Of course :) I'd agree the features you've mentioned are pretty much a given for any email service. Again, I'm still in the middle of researching all this as this is just the initial stage of brainstorming/getting comments/feedback, but I'll be looking for good anti-spam/virus solutions. Obviously SpamAssassin is there, but I'm not sure if it would be effective for a service like this. (it's pretty expensive for large quantities of email) I've heard http://sourceforge.net/projects/assp/ could be good too. If you happen to know of any possible solutions, I'd love to hear it as well.

    @Jar
    No specific questions right now as I'm just getting started, but some more general ones:
    1. Do you think this service is different enough from yours? Obviously there are going to be comparisons, but I'm not looking to just clone an existing service. I noticed you don't have domain registration, etc with your service. I'm assuming it's because your target audience are business-minded or people with some tech experience and would know how to do all that?
    2. When you say you fight off spam, do you do something custom, or do you use prebuilt anti-spam technology?
    3. How much actual "support" is involved after everything is setup? With web hosting/vps hosting, there are always a ton of support tickets to be answered. Is it similar with email hosting? (I would assume there's a lot less, but I could be gravely mistaken) Are there any common errors you've run across?

    Thanks everyone?

  • @Jar said:
    Boy do they. Once you find yourself a victim of one of these attacks it only gets worse too. I've got many clients who have no idea that I fight off 400-500 spam e-mails per day purely on the fact that addresses like [email protected] fail because they have no catchall

    Have you noticed a pattern (as in: is it a targeted attack or simply random across domains?). It would be slightly silly for spammers to waste their resources on guessing random addresses. I would think those addresses used to exist and were added to spam lists.

  • @tcpdump said:
    I wanted to make some wildcard DNS on my domain but I need to be able to send as well ..

    Hmm. This is a problem I haven't thought of. Maybe if necessary, I can skip out on DKIM? (Please don't hate me if this was a terrible suggestion. I'd love an explanation as to why it could be a potentially terrible idea though.)

  • jarjar Patron Provider, Top Host, Veteran
    edited March 2015

    @Jonchun Happy to help :)

    1. Definitely different enough. You certainly wouldn't offend me being a clone though, I think competition is healthy. I do tend to aim for people who generally are tech minded enough that they could set up a Google Apps account for their domain. I have plenty of clients who could not, typically they are actually a client of my client.

    2. I use SaneSecurity's ClamAV signatures in combination with SpamAssassin (some custom rules http://pastebin.com/G0c6hdsd )

    3. I have 322 active clients, 889 domains hosted, I get an average of 3 tickets per day. The most common questions are policy clarifications and people reaching out for more features (most common request is more similarities to Exchange). Actual support requests are typically bounced e-mail investigations and questions about spam filters, but those might make 2-3 tickets a week.

  • jarjar Patron Provider, Top Host, Veteran
    edited March 2015

    @tcpdump said:
    Have you noticed a pattern (as in: is it a targeted attack or simply random across domains?). It would be slightly silly for spammers to waste their resources on guessing random addresses. I would think those addresses used to exist and were added to spam lists.

    The only pattern I've noticed is that the ones that I would call a spam "attack" are almost always randomly generated names, not attempts at possible names. Clearly they are going directly after a catchall, names that look as random as "wrhvopip434u3p" to the eye. My clients that get targeted like this seem to have no idea why they would be targeted, and it seems to be that once one of these attacks lands mail in inboxes rather than responding to the sender with error messages, the attack simply never stops. It's like one day they don't care about you and the next you are their obsession...forever. No end in sight, months or years later.

    It's definitely a minority that will see this at all, but man does it hurt when it's you. It's tough to filter everything.

  • @Jar

    Thanks for the information! I'm surprised at how open you were as well. I bet some others will find it interesting as well. And how does resource usage generally look? (yes yes, it varies) I know spam scanning might be a little heavy cpu wise, but do you happen to have any rough estimates of resources I should be allocating per email account? While I will obviously need to do some testing to get real numbers, rough estimates from someone with more experience than I will definitely be a good start ;

    Thanked by 1jar
  • VPNshVPNsh Member, Host Rep

    @Jar said:
    Jonchun Happy to help :)

    1. Definitely different enough. You certainly wouldn't offend me being a clone though, I think competition is healthy. I do tend to aim for people who generally are tech minded enough that they could set up a Google Apps account for their domain. I have plenty of clients who could not, typically they are actually a client of my client.

    2. I use SaneSecurity's ClamAV signatures in combination with SpamAssassin (some custom rules http://pastebin.com/G0c6hdsd )

    3. I have 322 active clients, 889 domains hosted, I get an average of 3 tickets per day. The most common questions are policy clarifications and people reaching out for more features (most common request is more similarities to Exchange). Actual support requests are typically bounced e-mail investigations and questions about spam filters, but those might make 2-3 tickets a week.

    Kudos for being so open/transparent. We need more people to act this way.

    Thanked by 2Jonchun jar
  • jarjar Patron Provider, Top Host, Veteran
    edited March 2015

    @Jonchun said:
    Jar

    Thanks for the information! I'm surprised at how open you were as well. I bet some others will find it interesting as well. And how does resource usage generally look? (yes yes, it varies) I know spam scanning might be a little heavy cpu wise, but do you happen to have any rough estimates of resources I should be allocating per email account? While I will obviously need to do some testing to get real numbers, rough estimates from someone with more experience than I will definitely be a good start ;

    Happy to help :)

    (MX1) System only dips as low as 81% idle during backups. The rest of the time it never drops under 98% idle. Using 155GB of storage, 61GB of that being local backup storage. Memory usage runs between 3.8GB and 4.5GB daily, mostly from IMAP connections.

    Server specs for that server: E3-1245v2, 32GB memory, 2x 2TB drives in RAID1.

    Thanked by 1aglodek
  • @Jar said:
    Server specs for that server: E3-1245v2, 32GB memory, 2x 2TB drives in RAID1.

    Woah so your server is basically overkill? Does it handle smtp/sending as well? Or do you use a 3rd party like I plan to do?

  • jarjar Patron Provider, Top Host, Veteran
    edited March 2015

    @Jonchun said:
    Woah so your server is basically overkill? Does it handle smtp/sending as well? Or do you use a 3rd party like I plan to do?

    Go big or go home I always say ;)

    SMTP is handled on that server. All e-mails are delivered instantly unless the recipient server forbids it or has a temporary problem. You can see some stats for yesterday, quite an average day: http://pastebin.com/sQktsQpT

  • @Jar said:
    SMTP is handled on that server. All e-mails are delivered instantly unless the recipient server forbids it or has a temporary problem. You can see some stats for yesterday, quite an average day: http://pastebin.com/sQktsQpT

    Ah perfect. You don't have any delivery issues then? Spam lists, etc? Do you rotate IPs at all?

  • raindog308raindog308 Administrator, Veteran

    Jar said: Go big or go home I always say ;)

    From what I have seen, antispam/antivirus chews CPU, though it's been a while since I've directly admin'd mail. Is that a big load on your server(s)?

  • @raindog308 said:

    (MX1) System only dips as low as 81% idle during backups. The rest of the time it never drops under 98% idle.

    I was super surprised at these too because I expected antispam to eat cpu.

  • jarjar Patron Provider, Top Host, Veteran
    edited March 2015

    @Jonchun said:
    Ah perfect. You don't have any delivery issues then? Spam lists, etc? Do you rotate IPs at all?

    I rotate IPs less lately but I have a /28 from OVH that I can rotate from. To date I've terminated one spammer, and I've had one legitimate client spam because their password had been compromised (elsewhere, likely computer virus).

    OVH IP addresses are a pain in the ass because so many obscure blacklists just list their ranges right away without provocation. I have had to fight and fight to get two addresses from my /28 100% clean, and I'm going to have to let clients see some brief bounces to clear the others (many will not discuss whitelisting without a clear case of a bounce from their server) simply because I have no one I can e-mail at those domains to trigger a bounce (in these cases, postmaster is typically filtered differently). I can't remember which ones cause the most trouble at the moment, that's the only reason I'm not listing them. Verizon is probably one, can't just sign up for a Verizon e-mail address. Many of them will hear you say "subnet" and repeatedly ignore you and focus only on the IP that bounced.

    You can get on feedback loops if you own your IPs, but then we're talking about colocating within a DDOS protected facility because, let's face it, if you mention it here it's going to get attacked. So, for me, DDOS protection and clean IP addresses have been two problems pulling me in opposite directions. You just have to put in the work and you don't take no for an answer. Be excessively nice where you can and where you can't, ruin their lunch break every day until they just say "Fine I'll stop blocking you."

    Thanked by 2Jonchun aglodek
Sign In or Register to comment.