Review: Helm Personal Server gets email self-hosting (almost) exactly right

Tuesday December 4, 2018. 05:00 PM , from Ars Technica

Enlarge / The Helm Personal Server, in situ in my office during the review.

Specs at a glance: Helm Personal Server

CPU
Quad-core 1.6GHz ARM Cortex-A72 w/TrustZone crypto module

RAM
2GB ECC

Storage
128GB NVMe SSD w/256-bit AES-XTS encryption

Connectivity
802.11ac/a/b/g/n, Bluetooth 4.2, Gigabit Ethernet, 2x USB-C 3.0

Dimensions
111.1mm x 180.9mm x 130.1mm (4.375' x 7.125' x 5.125')

Price

$499.99 at the Helm store (plus $99/year subscription, waived for first year)

As Ars security-meister Dan Goodin noted in his initial write-up back in October, the Helm Personal Server is a small-ish ARM-based email server that sits in your home and does for you what Gmail or Outlook.com or whomever your current email provider does for you. It’s a full-featured, single-domain (for now) MTA in a box that you can use with an unlimited number of email addresses and accounts, and it gives you 128GB of space to use as a mail store for those accounts. It also gives you CalDAV calendaring, notes, and CardDAV contacts, and it does it all with open-source applications that are chosen and configured in a way that demonstrates a solid bias toward individual security and privacy.

And I like it. I like it a lot. I didn’t think I would, but after spending a week with the device, I’m almost ready to spring for one—almost. And that’s high praise, coming from a paranoid email self-hoster like me.
Based on my short time with the Personal Server, the praise is properly earned. The Helm team based its product mostly around the same mail stack that I personally prefer and use—the holy trinity of Postfix for SMTP, Dovecot for IMAP, and SpamAssassin for keeping things clean. The device properly uses SPF, DKIM, and DMARC—and handles all the DNS stuff necessary to make those things work. End-user data is smartly encrypted at rest and in flight. Clever use of tunneling to AWS-based gateways transparently works around common ISP blocks on email service ports. And, perhaps most importantly, you don’t have to know what any of that stuff means to use the device securely—casual folks who maybe just want to lessen their reliance on Google or Microsoft will find the transition to Helm relatively painless, and there aren’t many ways to screw it up and make yourself less secure.
Read 98 remaining paragraphs | Comments