Yunohost and Email Setup

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.0.11
How are you able to access your server: SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: no

Describe your issue

Upon setting up YunoHost on a DigitalOcean VPS, I was able to resolve most issues listed under diagnostic.

One of the remaining issues is email. I can say that all ports are open, and YunoHost reports that it can receive on port 25, but it also notes that it cannot send via port 25. I tried to read more about this, if only to learn that maybe over the years some of the big-name VPS providers have lower reputations for spam. Is there a how-to for working around this issue?

I’ve used an email relay for a Discourse server. I did plan on doing the same in this case, but I came across the below link with the caution about relays.

How concerned should I be about an email relay for a GoToSocial app?

Share relevant logs or error messages

n/a

If you buy a VPS and you can’t connect to tcp:25 outgoing I wouldn’t pay money for it. But that is only my opinion.

About your question: how concerned you should be about an email relay can’t be answered generally. You need to trust your email relay and that is the point.

Selfhosting is partly about not needing to trust and having yourself control and responsibility over your data.

I’m selfhosting on a dynamic IP using my YunoHost as my main email without any relay. Another way to work around the limitations of the connectivity available to your server is to have a VPN.

I’m running a WireGuard connection to a host having a known-to-work-for-email IP. Outgoing connections to TCP port 25 are routed via policy routing over WireGuard to that host. There the connection is routed to the final destination after applying source NAT.

On my MX record there are two hosts: the FQDN of my dynamic IP and the FQDN for my WireGuard router.

The advantages over an email relay are:

  • TLS connections are end-to-end encrypted and can be trusted even though they’re routed through a host running at some third party
  • incoming mail often uses my home internet connection and doesn’t even leave any metadata at the third party
  • if the WireGuard routing is broken the setup automatically falls back to trying routing outgoing mail via my home internet connection, which works at least for some targets
  • setup would be easy to complement with more WireGuard routers at other providers if need be
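
The policy routing described in the reply above, sketched as an added example that is not the poster's actual configuration: a script that prints the IPv4 rules for the mail server and for the WireGuard router so they can be reviewed before being applied. The interface names, tunnel subnet, fwmark and table number are assumptions, and the mail server's WireGuard peer is assumed to allow 0.0.0.0/0 with `Table = off` in wg-quick.

```shell
#!/bin/sh
# Added example: prints rules only. Review the output, then pipe it to "sh" as root.
# Every value below is an assumption (constructed), not taken from the thread.
WG_IF="${WG_IF:-wg0}"              # WireGuard interface on both hosts
WAN_IF="${WAN_IF:-eth0}"           # public interface of the WireGuard router
WG_NET="${WG_NET:-10.99.0.0/24}"   # tunnel subnet
MARK="${MARK:-0x19}"               # fwmark put on outgoing SMTP
TABLE="${TABLE:-125}"              # dedicated routing table

# Mail server: mark locally generated tcp/25 (not loopback delivery) and
# route marked packets through the tunnel. If the tunnel interface goes
# down its route disappears and the lookup falls through to the main table.
home_rules() {
cat <<EOF
iptables -t mangle -A OUTPUT ! -o lo -p tcp --dport 25 -j MARK --set-mark $MARK
ip rule add fwmark $MARK lookup $TABLE priority 1000
ip route add default dev $WG_IF table $TABLE
iptables -t nat -A POSTROUTING -o $WG_IF -p tcp --dport 25 -j MASQUERADE
sysctl -w net.ipv4.conf.$WG_IF.rp_filter=2
EOF
}

# WireGuard router: forward only tcp/25 from the tunnel subnet, allow the
# replies, drop anything else arriving from the tunnel, and source-NAT the
# SMTP traffic to the router's public address.
router_rules() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $WG_IF -o $WAN_IF -s $WG_NET -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $WG_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WG_IF -j DROP
iptables -t nat -A POSTROUTING -o $WAN_IF -s $WG_NET -p tcp --dport 25 -j MASQUERADE
EOF
}

# Usage: ./smtp-route.sh home | router
case "${1:-}" in
  home)   home_rules ;;
  router) router_rules ;;
esac
```

Because the router only forwards tcp/25 from the tunnel subnet and drops everything else arriving on the tunnel, a compromised mail server cannot use it as a general-purpose exit.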