undefined | Better HN

0 pointstoyg9y ago0 comments

You still have to update the OS or whatever you're running the mailserver on. You have to make sure it's not compromised nor DDosed, it doesn't run out of space, it doesn't crash or get stuck for whatever reason, etc etc.

Again, Docker isn't magic.

0 comments

3 comments · 1 top-level

ultramancool9y ago· 2 in thread

Updating the OS... usually a fairly rare occurence again, kernel vulnerabilities that affect you with minimal services exposed are quite rare, most vulnerabilities are local escalations and such which wouldn't affect just a mail server. When was the last remote root exploit in the linux kernel? Maybe SSH which would be the only other thing you might run... Neither is within my memory. I suspect these would be ever less frequent than mail service updates, if ever.

As for the rest those aren't really issues you need to actively watch, you'll just know when something goes wrong to take a look. I can't see running out of disk with just a mail service, crashes are... never and compromise/DDoS isn't really a risk if you secure it properly to begin with and update it that once every few years. It's really very hands off if you're not running any other services and just review the vulnerabilities.

I'm guessing this is even less of a problem for most of us though because I and probably many others around here already run a personal dev server which is kept up to date regularly, so I was speaking simply to adding mail functionality to an existing system previously.

toygOP9y ago

> I and probably many others around here already run a personal dev server

Oh yeah, me too, and tbh it's enough of a pain already without having to deal with mail, spam and the likes.

There is a reason that companies like Heroku exist and prosper; it's the same reason personal mail servers never saw mass-adoption, despite being one of the first things you could do on the internet. The anecdote that you find it easier than most doesn't change the reality of the matter.

ultramancool9y ago

I just don't understand where the difficulty some people have in mind comes from so I'm trying to understand it better. You don't have to be bleeding edge to be secure against remote attacks, most of the configuration is trivial, I think more people would do it if it wasn't made out to be such a difficult thing for no real reason.

Maybe if someone made an integrated mail server it'd be more common.

2 more replies

j / k navigate · click thread line to collapse