this post was submitted on 26 Aug 2023
35 points (97.3% liked)

Selfhosted

40183 readers
1056 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I use O365 Business (Or whatever the heck they call it now) for my email, so for SMTP on all my devices at home, I use an O365 account with an app password, sending as a distro-group so it can have a custom name

This works, but I don't like how every device/server has O365 creds in it. I am thinking I should setup an SMTP Relay at home locally, which sends to O365 (Or Sendgrid, etc etc) and then SMTP on local services can just point to that local address

Is this the right way to go about it? What is the current best software do it? I've only ever had experience using IIS to do this, and of course I don't want to be running windows!

you are viewing a single comment's thread
view the rest of the comments
[–] cizra@lemm.ee -3 points 1 year ago (1 children)

You're trading one security issue (profileration of app passwords) to another one (an unauthenticated relay). Is it worth it?

[–] SheeEttin@lemmy.world 2 points 1 year ago (2 children)

An unauthenticated relay isn't a security problem when it can only send to certain addresses in 365, and isn't even accessible outside the local network.

[–] cizra@lemm.ee 0 points 1 year ago

Having an unauthenticated relay imposes the responsibility to configure it correctly (the "only certain addresses" part) and protect it (the "accessible outside the local network" bit). Are you sure it's not accessible? Did you remember to test with IPv6 too? Will it remain protected after the next time you mess around with your firewall for some totally unrelated reason?

If it works - good for you, but be mindful of all the baggage that comes with a new service.

[–] PuppyOSAndCoffee@lemmy.ml 0 points 1 year ago (1 children)

Well…it is a potential risk that links back to you pretty much directly. What is stopping some rogue sw from sniffing out smtp and then going bananas?

I would look for other ways tbh. Running smtp locally is imo asking for trouble.

[–] SheeEttin@lemmy.world 1 points 1 year ago (1 children)

It's behind a firewall for one. But even so, you should configure it to only accept connections from the local network, only send via 365, and only to your own address, then the scope is vastly reduced.

[–] PuppyOSAndCoffee@lemmy.ml -1 points 1 year ago* (last edited 1 year ago)

threat & impact is essentially identical => "so for SMTP on all my devices at home"; the home environment is a bit swampy, a mix of protected and unprotected network.

A worm/bot sending out mass emails from Business 365 would be perceptually damaging to the business; would advise against SMTP and instead look at other secure methods of provisioning identity that are not quite as labor intensive as sticking credentials in each nook and cranny. Or...simply don't utilize O365....