The day (or week) I left the Google cloud

Let me start with a couple of reasons and motivation first

Roughly 3 1/2 years ago I switched from a self-hosted service (mainly email, anti-spam, and some squirrel-mail based webmail service) to the Google Apps for your domain cloud. Back in the days the service was still free for non-organizational entities and switching itself was fairly easy. The cloud promised and offered so many nice things like (i) no more time spent for server administration, (ii) more services, all of them for free, (iii) better, faster, shinier web interface, and (iv) integration with mobile devices. Incidentally, 3 1/2 years ago was right when I got my first real smartphone (an HTC Desire, which is roughly equivalent to the Google Nexus), a couple of months before I started my Google internship in the safe-browsing team (fighting malware and phishing). Life was great and dandy, the services were up and running and I quickly got used to the blazingly-fast (at that time) web interface. I happily used GMail, Blogger, and a couple of accompanying services for roughly 2 years; then more and more glitches and other quirks started to annoy me.

Some of the reasons why GMail is no longer a lean, fast service are:

  • GMail is BIG, every time you log in a couple of megabytes of data need to be transferred before you even see the mail interface. This is especially a pain when you're using a 3G link.
  • It's about the UI (I don't want Google plus notifications ballooning up and Google hangouts fighting for my screen real estate, I want a fast email client).
  • Tons of crashes and glitches (yeah, I'm talking about you hanging hangouts).
  • Missing features for some countries (e.g., YouTube never rolled out for some European countries, e.g., Liechtenstein; therefore if my parents are logged into their GApps accounts then they cannot watch YouTube, all they get is an obscure error message blaming the administrator, or difficulties sending a hangout invite between a GApps domain and a GApps for universities domain).
  • Google dropping XMPP support when moving from GTalk to Hangouts.
  • I started to get annoyed when Google dropped support for Google Reader which I replaced with a version of TinyTinyRSS running on my own server.
  • and most important of all: I want to have control over my data (and privacy - as far as this is still possible).

Running my own servers allows me to go back to signed (and encrypted) emails, allows me to backup my own email, and to make sure that nobody else logs onto my server and reads my raw data.

Preparation

Switching EMail providers is not an easy task (if you want to keep your EMail address). The task becomes exponentially harder the more services you want to migrate and to keep running. The services I am interested in are: IMAP (for EMail), contacts and calendar via carddav and caldav (for mobile support) and some web client to access my mail on the go. The tempting setup that Google offers is hard to drop and harder to replace. There is no open-source solution that provides all these services out of the box (except if you sacrifice all your security considerations and install a large blob of PHP files on your server that will wreak havoc on all your data). As I wanted to increase my privacy (and privacy can only be built on top of security) I had to roll my own setup.

After looking at current mail servers, web clients, calendar, and contact software (the last time I had my own server I used courier for imap, qmail for smtp, sqwebmail for on the go webmail, and a simple spamassassin to kill spam) I decided on the following setup:

  • Postfix for full blown SMTP capabilities with all the bells and whistles (plus it's much easier to configure than qmail).
  • Dovecot for IMAP (whereas IMAPS with a CAcert-signed certificate is preferred).
  • Roundcube for email access over https.
  • DaviCal for calendar and contacts.
  • Postfixadmin for simple administration of virtual domains, mailboxes, and aliases with a MySQL backend; the login credentials are shared between all the services (I did not want to keep a separate user database for each service).
  • Spamassassin, ClamAV, Amavisd, and postgrey to fight spam.

What is currently missing is a chat server; I looked into ejabberd and was actually quite happy with the software running on the server side. My intention was to replace Google Talk/Hangouts with a Jabber client but during testing I discovered that no single current client in the Debian wheezy repository (my current Desktop) supports video/audio chats between two clients, even if the clients run the same software. I did not even get to testing interoperability between clients or operating systems or extended features like multi-party hangouts. I considered using a SIP server like Asterisk for a short while but did not want to go into the hassle of configuring a full blown PBX/call server.

The Setup: Server Side

Our server (currently) runs Ubuntu LTS 12.04 and all the needed software and packages were already available in the main repository (so there's no need to install extra, untrusted packages).

You can basically follow one of the many great howto's that are out there, e.g., the one on Ubuntu help.

What I had to learn in the process of setting up this mailserver was that running a secure mailserver became much more complex in recent years. Nowadays you don't only have to run your SMTP server and your IMAP or POP3 service but also SpamAssassin, virus check, greylisting, integration between services, and other stuff. In addition to all the services described in the howto, I also added SPF entries to my DNS and started signing outgoing emails using DKIM (provided by the OpenDKIM package) and Roundcube with IMAP authentication. The other additional service I'm running is DaviCal with IMAP authentication to support both CalDav and CardDav services for my clients with the same login credentials as my IMAP server.
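SPF and DKIM records are easy to publish in a form that looks fine but protects nothing. The following is an added example, not part of the original post or of any package named in it: a small linter for the two TXT records, run here on constructed records for the placeholder domain example.org (the function names and the placeholder key value are assumptions).

```python
import re

# Terms that cost one DNS lookup each; RFC 7208 caps these at 10 per check.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def lint_spf(txt):
    """Return a list of findings for one SPF TXT record."""
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    findings, lookups, seen_all = [], 0, False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name = re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0]
        if seen_all and name != "exp":
            findings.append(f"'{term}' follows 'all' and is never evaluated")
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            seen_all = True
            if qualifier in "+?":
                findings.append(f"'{qualifier}all' does not reject unlisted senders")
    if not seen_all and not any(t.startswith("redirect=") for t in terms):
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    return findings

def lint_dkim(txt):
    """Return a list of findings for one DKIM key TXT record."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    tags = {k.strip(): v.strip() for k, v in pairs}
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("unexpected v= tag")
    if "p" not in tags:
        findings.append("missing p= (public key)")
    elif not tags["p"]:
        findings.append("empty p=: this key has been revoked")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: testing mode, failures are treated like unsigned mail")
    return findings

# Constructed sample records for the placeholder domain example.org.
if __name__ == "__main__":
    for record in ("v=spf1 mx a:mail.example.org -all", "v=spf1 mx +all"):
        print(record, "->", lint_spf(record) or "ok")
    for record in ("v=DKIM1; k=rsa; p=PLACEHOLDERKEY", "v=DKIM1; t=y; p="):
        print(record, "->", lint_dkim(record) or "ok")
```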

The Setup: Client Side

On the client I decided for a simple email/calendar/contact client that supported offline mode. I quickly looked into mutt but after 2-3 hours of configuration hell and not being able to figure out just the right shortcuts I settled for evolution as the main client. I keep all calendar and contact information on my local disc, email is downloaded using IMAP and cached locally as well. To keep calendar and contacts in sync across multiple devices I use syncevolution with the webdav backend.

Running in Production

I am now closing in on my first week without Google (or only using Google as an interim fallback if I'm unsure if something did not work, especially for calendar and contacts). So far I did not have any bad experiences except the one odd weird mail that I sent to some colleagues during testing or that I had to flush all contacts and calendar events 3 times when I messed up the import. Otherwise services have been running smoothly and I did not lose any data (neither old email, contacts, nor calendar events).

The hardest part (apart from setting up all this mess) is switching from the well-accustomed Google user interface to, let's say, evolution. In my opinion, the biggest change is going back to an old-school email client and in the last week I longed several times for the GMail-like threaded view where my answers are not just stored in the sent folder but also in the threaded views so that I can quickly view my answer to given open questions and discussions.

Conclusion

Going Google-less is possible but it is not easy. Setting up your own mailserver and testing the whole system will take you 3-4 full days and even after investing that much time you will not have all the convenience that the Google cloud offers. There will be delays, your email will not be as snappy as GMail (the average request might take a little longer but at least in my experience there are no big spikes of latency like the ones that Google sometimes has).

Things I really like are that I am now in full control over my data, I can run my own backups of the full configuration and of my emails (which I do daily), I can sign my emails (especially after the NSA revelations signing got a bit more common), and only the people I share my calendar and contacts with get access to my calendar and contacts. In addition, if we send email between accounts on our server nobody else is able to read these emails which is at least a step towards more privacy.
