Saying Goodbye to Gmail.

Got rid of Gmail today, moved everything over to Proton :thumbsup: Now Google can go eat it. Until I figure out how to make port forwarding safe then I will set up my own email server.
 
Just note Protonmail has a 1 year inactivity period before they delete your account.
 
I will keep it active, but I am thinking about something: is port forwarding enabled on SIM cards? Asking for a friend :laugh:
 

No. On LTE etc, the providers block incoming ports by default. You can use the unrestricted APN, available from the likes of Vodacom though, not sure if the other providers offer the same.
 
Until I figure out how to make port forwarding safe then I will set up my own email server.
Like it's back in the late 1990's or early 2000's?

Not an issue if you do it on an isolated LAN environment to play around with and gain some experience. By all means, give it a go, it is fun to do.
But... things on the public mail relay front have changed a lot over the last decade, so don't expect that the things that worked around the turn of the century will still work today.

If you still want to go the "I'll manage my own email environment" route then rather get an email hosting package at the ISP of your choice. Something like this (example only, not implying that you should use them specifically).
You'll have to register a domain as well, so that you can add the necessary host and MX records to DNS for email to be relayed to your domain. You will also have to set up SPF and DMARC records to avoid having any emails sent from your domain ending up in spam and junk folders and to deter spoofing of your email's domain name. Depending on the platform you might have the option to use DKIM keys as well, which adds a digital certificate to each email that gets sent to prevent in-transit-modification of the email - not a hard requirement, but a good solution to implement when possible.
I also seem to recall that home based packages for internet access do not allow the hosting of services as part of the FUP, so traffic to ports 25 and 110 will be blocked by default by the ISP/VSP. (not that those protocols are secure anyways, and major mail relays won't connect to them or accept connections to those ports) So your odds of actually getting email relayed using the home based hosting approach are extremely slim.
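
An added example, not part of the original post: a small linter for the SPF and DMARC TXT records mentioned above, showing a weak configuration beside a corrected one. The domain example.org, the record values and the function names are constructed for illustration, and only the last SPF term is inspected.

```python
# Added example: lint SPF and DMARC TXT records (all sample values constructed).

def parse_tags(record):
    """Split a DMARC record such as 'v=DMARC1; p=none' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def lint_spf(txt_records):
    """Findings for the TXT records published at the domain apex."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record: receivers cannot tell which hosts may send"]
    if len(spf) > 1:
        return ["multiple SPF records: evaluation ends in a permanent error"]
    # Simplification: skip the exp= modifier and judge only the last term.
    terms = [t for t in spf[0].split()[1:] if not t.lower().startswith("exp=")]
    final = terms[-1].lower() if terms else ""
    if final in ("+all", "all"):
        return ["SPF ends in +all: every sending host passes"]
    if final == "?all":
        return ["SPF ends in ?all: unlisted hosts get a neutral result"]
    if final not in ("-all", "~all") and not final.startswith("redirect="):
        return ["SPF has no terminal 'all': unlisted hosts get a neutral result"]
    return []

def lint_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["expected exactly one DMARC record, found %d" % len(dmarc)]
    policy = parse_tags(dmarc[0]).get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["DMARC record has no valid p= policy tag"]
    if policy == "none":
        return ["DMARC p=none: receivers are asked to take no action on failures"]
    return []

# Constructed sample zone data for the placeholder domain example.org.
WEAK = {"apex": ["v=spf1 mx +all"], "_dmarc": ["v=DMARC1; p=none"]}
FIXED = {"apex": ["v=spf1 mx -all"],
         "_dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.org"]}

if __name__ == "__main__":
    for name, zone in (("weak", WEAK), ("fixed", FIXED)):
        print(name, lint_spf(zone["apex"]) + lint_dmarc(zone["_dmarc"]))
```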
 

I get it, it sounds stupid but when the recovery process fails at both the email provider and the accounts it is linked to the cost is actually high. High enough that I don't trust providers anymore. So when you say isolated network?

[Image attachment: 1746597981738.png]

So I disable the WiFi on the ISP router and open a port on the ISP router.
Block that port in LAN 1. Give it a different IP range so it cannot communicate with the port or the other router. Allow it to keep its WiFi on for phones and stuff.

On LAN 2 I disable dynamic IP, disable WiFi and give the email server a static IP that is outside the range of the other router. Set up the Linux mail server and firewall for it. Set up POP3S and SMTPS to encrypt my incoming and outgoing mail.

So if my understanding is correct my home network will not be exposed to the open port at all, and if someone accesses it they can maybe get to the email server but that is it?

I see you can get a domain name for next to nothing and it is renewable every 5 years. That is a long time for little money. I think it is like R500 or something. So all that said this should work?
 
In the context of my previous message isolated network means a network with just a switch and no routers. It's a playground to mess around in without affecting other equipment that people may depend on for whatever reason, and which has no risk of compromise by outside parties.

The picture you posted can theoretically speaking on the most basic level work to connect everything. For everything else it is a hit-or-miss situation and increases the potential points of failure.

If someone manages to get a foothold on your server then it gives them local access to your main router, which is much easier to run exploits against than from the public side since the LAN segment is generally trusted. Once the main router is compromised it affects all of your internet traffic, since they can perform man-in-the-middle attacks and listen in on clear-text network traffic. They can also mess around with DNS settings and reroute your internet traffic to other destinations without your knowledge.

The server can be abused for a lot of things, like joining it to a botnet for spam relaying, hosting of malware or malicious websites, making it operate as an anonymous proxy, using it as a C2C server, using it in DDOS attacks and so forth. Odds are that your ISP/VSP will eventually pick up on this traffic and block your connection and terminate your account since it violates the terms and conditions of use.
This risk requires you to constantly monitor your server for intrusions and to keep everything in the setup up to date. It will also require you to sleep with one eye open since the intruders will generally schedule their activity for the night (local time).

You will require a 3rd party digital certificate to set up TLS encryption for relay operations, so unless you can get "Let's Encrypt" working it will cost you another R1k-R3k every 1-3 years for a digital certificate issued by a reputable 3rd party. For both cases you need to own a domain to use in the certificate and require some degree of experience in PKI technology to implement properly.

Setting up local POP3 and SMTP access is the easier part, getting your email to relay on the internet is much more tricky, where I suspect you are going to hit a few obstacles with your proposed setup. And even if you do get the latter part to work there is no guarantee that it will remain in a working state.

From experience over the years I have learned that more complex environments tend to lead to more problems that need fixing. (by you, the implementor)
Even if everything is set up correctly there is always something that out of the blue doesn't play along anymore.
Not an issue if this is your main source of income but for community service (aka home based use) it may be quite an administrative task to undertake and maintain.

That being said, the above is not a comprehensive list of obstacles that you will probably encounter and based on previous responses I am sensing that you are going to push through regardless of the warnings given by myself and some other members in this thread, without actually realising what you are letting yourself in for.
It's all good if you want to try it for the experience, but in that case it should be done as a playtest and not as an actual live implementation with other people dependent on it.
 
I am going to get the tech Lingo wrong here. I am NOT an expert but this is how things are working right now.

I am not sure about the ISP router but I configured router LAN1 and LAN2 not to see the ISP router; it uses the ISP router as a "default gateway" thingy. But neither LAN1 nor LAN2 can access the ISP interface. I remember setting up IP range separation on LAN1 and LAN2. LAN2 is for when friends and family visit. I also configured the ISP to work with MAC so that I can use my USB LAN interface as a "key" so no computer can actually access the ISP, "I think".
 
Follow up: we got the original phone back today, looks good, and upon putting the SIM in we were able to get an OTP that worked with the Google account. For all the jackasses, it is a free ****ing world, we can do whatever the **** we want with our networks. Nothing wrong with learning how to set up email servers and firewalls, might even be handy later on, who the **** knows, maybe Trump imposes a ****ing Google tariff or some ****. I actually hope he does just to piss in pool :ROFL:

They had to replace the screen, and the battery was replaced as well. So it is good as a backup. We had to wait for the battery. I am going to figure this port forwarding **** out because not only do I want to try and set up an email server but I want to set up CCTV later as well. :thumbsup:
 
Playing around with a home email server is all fine as long as it's not exposed to the internet.

If you are wanting to send/receive mail to/from an external email provider you will be severely disappointed.

There is a reason why almost all residential public IPs are on a blacklist for sending and receiving mail.
All major email providers will not allow mail to be received your home address. Even if you have DKIM/SPF configured the connection will still be refused.

The only mail you will receive will be spam.
 
Lucky you. Go to the security settings for the Google account and add additional security steps and backup email.
 
For the last two years, I've been using YubiKeys as physical passkeys to log into my Gmail account (I have a primary and secondary key). They've worked great so far.


 
For all the jackasses, it is a free ****ing world we can do whatever the **** we want with our networks.
Well, I've been called worse things before... so I'll shrug this title off like the rest.
At least you are making an informed choice now.
Jackass... out. 🍻
 
People call me a p0_$ all day long when I give them quotes on fixing their taxis. But they always come back. So being called a jackass is rather tame :thumbsup:
 