For example, something that is too complex for your comfort level, a security concern, or maybe your hardware can’t keep up with the service’s needs?

  • faethon@lemmy.worldEnglish
    611·
    2 years ago

    Hosting an email server is pretty sure a magnet for half the Chinese IP range… So I would refrain from hosting that myself.

    • Tinnitus@lemmy.worldOPEnglish
      11·
      2 years ago

      I figured email would be a common theme. I’m just starting to dip my toes into all of this, so an email server is not on my to-do list (and may never be).

    • peregus@lemmy.worldEnglish
      41·
      2 years ago

      Me too, I’ll never self host my email server. Too much time that I don’t have to set it up correctly, manage the antispam and other thing that I don’t even know . And if it goes down and I don’t have time to look into it (which would be the case 95% of the time 🙈), I’ll be without email for I don’t know how long.

    • Anafroj@sh.itjust.worksEnglish
      3·
      2 years ago

      Gladly, fail2ban exists. :) Note that it’s not just smtp anyway. Anything on port 22 (ssh) or 80/443 (http/https) get constantly tested as well. I’ve actually set up fail2ban rules to ban anyone who is querying / on my webserver, it catches of lot of those pests.

      • StarDreamer@lemmy.blahaj.zoneEnglish
        21·
        2 years ago

        CrowdSec has completely replaced fail2ban for me. It’s a bit harder to setup but it’s way more flexible with bans/statistics/etc. Also uses less ram.

        It’s also fun to watch the ban counter go up for things that I would never think about configuring on fail2ban, such as nginx CVEs.

        Edit: fixed url. Oops!

        • Anafroj@sh.itjust.worksEnglish
          2·
          2 years ago

          Thanks for mentioning it, I didn’t know about it. Protecting against CVEs sounds indeed awesome. I took a more brutal approach to fix the constant pentesting : I ban everyone who triggers a 404. :D Of course, this only work because it’s a private server, only meant to be accessed by me and people with deep links. I’ve whitelisted IPs commonly used by my relatives, and I’ve made a log parser that warns me when those IPs trigger a 404, which let me know if there are legit ones, and is also a great way to find problems in my applications. But of course, this wouldn’t fly on a public server. :)

          Note for others reading this, the correct link is CrowdSec