A serverless email server on AWS using S3 and SES
422 points by mzehrer 5 years ago | 260 comments
- arno1 5 years ago> This stack was created out of frustration due to the fact that to this day there's no easy way to have a full email server without the overhead of installing and configuring all servers needed to handle incoming and outgoing messages.
Interesting approach, though I solved this frustration by the use of a Docker and kept "my data is mine" + "no vendor lock-in" + "I control all the gears" approach. (Though, it's not perfect since VPS is run by "someone" else.. but that place where you run this stack can be easily changed at your convenience). Simple docker-compose.yml with 3 images and voila.
This AWS S3 SES setup looks far more complex than what I did using only 3 docker images: the postfix (for smtp), dovecot (for imap), opendkim (for email signing & verification). It's really easy to fire-up a VPS with a single click nowadays.
If someone is interested in the images I am using:
- https://git.nixaid.com/arno/postfix
- https://git.nixaid.com/arno/dovecot
- https://git.nixaid.com/arno/opendkim
Then you just feed the images with the right configs (main.cf, master.cf, .., dovecot.conf, opendkim.conf).
It's also possible to template the configs and make the variable-based configs. Make things scale friendly. I am also using Terraform to automate the server deployment/DNS record updates so it is easy to get from 0 to 100.
The only drawback is that you are the one to maintain the OS/SW upgrades, security, etc.. but that's something I really want to do by myself instead of relying on someone else :-)
- tuldia 5 years agoThanks for sharing!
Your setup seems sane and pretty close to what would be if you want to run the same thing on a single server.
It makes the code base in the original link look like a proprietary duct tape spaghetti :P
I just recommend setting up postscreen[1] and rspamd[2].
- fiddlerwoaroof 5 years agoAnother “serverless” route for Docker containers is to deploy the containers with Fargate which isn’t too hard and gives you autoscaling without having to re-architect your application for serverless. (And has correspondingly less vendor lock-in)
- Canada 5 years ago> Interesting approach, though I solved this frustration by the use of a Docker and kept "my data is mine" + "no vendor lock-in" + "I control all the gears" approach.
Yeah, I totally understand the desire. And even hosting this on a cloud, you benefit from SMTP TLS sometimes, presuming no active MITM and the cloud service not actively abusing its privileges on your VM or storage. Which is probably not happening widely. At least as opposed to the protocol level logging that SES or similar services do for sure.
I recently opened some new accounts at AWS and other large one for a new company... first thing to do is setup mail of course. Both denied my request to allow SMTP. AWS ominously rejected me with some vague "maybe one or more of these reasons" including prior ToS violations or payment issues with "linked" accounts.
Frankly it's scary, and so far they are stonewalling me on any details as to what I "may" have done. AWS is one place I sure don't want to have a bad reputation with.
- brazzledazzle 5 years agoFraud detection is such a frustrating double edged sword. They can’t share what was detected or why because the bad guys will start taking it into account. That leaves us with manual human review as the only means to address false positives. But that doesn’t scale so it’s either backlogged, low quality or nonexistent.
- m4rtink 5 years agoRather seems likely laziness hiding behind the guise of "security". Such a bad user experience is inexcusable.
- coder1001 5 years agoDo you mind writing a blog post somewhere explaining to noobs how this can be done?
This will be a great post with lots of traffic I imagine!
Thanks, great work!
- ab_testing 5 years agoIf you are a noob with a domain and need to host your own mail server, you need mail-in-a-box. Look it up. It runs on a VPS and configures email and even a static site for your domain. It also comes with a dashboard where you can create additional email accounts.
- arno1 5 years agoI am actually thinking on writing it since long ago... But not motivated enough... :/
- angrais 5 years agoI'd read it! As would others, so perhaps knowing you have an interested audience might motivate you further?
- idclip 5 years agoYou sort of almost already did with your reply. Just copy it, add pics, add code, add more text and details,
Done.
Do it.
- theSuda 5 years agoPlease find some time to write it. It would be a great resource for self hosting.
- wishinghand 5 years agoAnother vote for a blog post, please.
- social_quotient 5 years agoI’d read it
- jpdb 5 years ago> The only drawback is that you are the one to maintain the OS upgrades, security, etc
Since you are running everything in docker this could probably be made easier by using a slimmed down distro with automatic updates.
You'll still need to make sure your docker images are updated and patched though.
- arno1 5 years ago> You'll still need to make sure your docker images are updated and patched though
Of course. ;)
- wildduck 5 years agoHave you considered: https://haraka.github.io ?
I have been running it on an instance with 1 GB ram and it is running pretty smoothly.
- ascorbic 5 years agoDon't you have problems with deliverability? I've found sending emails directly from an AWS IP (i.e. not via SES) has major issues with reputation management. It's really easy to have outgoing emails mysteriously spam filtered.
- xmly 5 years agoI think his solution is serverless, no need to maintain the servers.
But both solutions are kind for developers, not for end-users.
- jijji 5 years agocomplex but not to mention expensive. i wonder what the costs per month would be sending/receiving a relatively small workload per day (1000 messages) doing it with SES and S3 versus a cheap vps provider.
- social_quotient 5 years agoThe SES and S3 side of things would be free?
(62,000 free per month) https://aws.amazon.com/ses/pricing/
Yes, complexity would be a factor for sure.
- why_only_15 5 years agoFor receiving they only get 1,000 free, and for both after that it's $0.10/1,000 emails, which isn't very much at all.
- sathyabhat 5 years agoIt's 62,000 free only if the emails are being sent from an EC2 instance, else it is $0.10 for every 1,000 emails you send.
- danenania 5 years agoAnother drawback is that while yes, you can scale up fairly easily with terraform, your server can also fall over if you get a heavy burst of traffic, and you'll return errors until you're able to provision more machines. Depending on what you're doing, how fast you're growing, and how much tolerance your users have for downtime, that might be a pretty big deal.
- vidarh 5 years agoYou can set up autoscaling groups via terraform just fine, with a little bit of care taken to ensure that you trigger on the right metrics.
If anything mail is pretty much the easiest thing you can possibly pick to scale, because the inbound mail will be automatically retried. And haproxy in front of SMTP servers works just fine (really, any load balancer that can load balance raw TCP connections, but I've used haproxy to load balance thousands of messages a second).
For your user-facing side you need a bit more resiliency, but nothing stops you from using a service like SES to back a traditional setup for sending either. Reliably scaling outbound mail is the easy bit - the hard part is the reputation management that managed mail services provides, and no specific deployment mechanism will solve that.
- danenania 5 years agoSure, but for heavy/bursty traffic, you can still have downtime while new VMs spin up. Retries might save you or they might make the problem worse, depending on the size and pattern of the burst and how your auto-scaling config interacts with the retry config of various hosts.
It may seem like a nitpick or something not worth worrying about, and for most that's probably the case. But for some businesses it could be a crucial difference. My point is simply that this is a legitimate benefit of serverless that wasn't mentioned above--I didn't think that would be a controversial point.
- crtlaltdel 5 years ago> Reliably scaling outbound mail is the easy bit - the hard part is the reputation management that managed mail services provides, and no specific deployment mechanism will solve that.
^this. if you want to send email it's not hard....but if you want that mail to pass spam filters it's a different problem altogether. hosted services like SES and mailgun will expose problems in how you are using emails (not handling bounces, not handling unsubscribes, etc) and in our case was very helpful.
- arno1 5 years agoYeah, this is normal. One bus can't fit more people than it physically can.
The high load can be alleviated by the use of more MX server DNS records (and the MX servers of course, across the different locations), LBs, smarter thresholds. Of course nothing is a panacea.
Either way you will hit the AWS's limits or will get a huge bill. And then, even if you set up the budget limits, it still won't make the service more available once you reach the limits.
- danenania 5 years agoIf you're running a saas and the increased traffic comes from paying customers, you likely prefer a huge bill to downtime.
But apart from that, there's a huge benefit in saying "I'm happy to spend any amount up to X" and not needing to do any capacity planning beyond that vs. continually trying to guess what's the right % to over-provision your VMs and having downtime when you get it wrong.
- dillonmckay 5 years agoEmail itself has built-in resilience for such scenarios.
- z3t4 5 years agoIf it's a well behaving e-mail server it will keep trying to send the e-mail... A trick to stop spammers is to block all new connections for an hour. While spammers won't try again. Sadly some legitimate e-mail servers will not try again either :/ Also some e-mail servers won't try your backup e-mail server... Some servers will even give up if they haven't been able to establish a connection within a second. Some developers/admins give zero shit about edge cases and conditions outside their developer machine.
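The delay-then-accept trick in the comment above is usually called greylisting. The sketch below is an added example, not code from the thread or from any mail server: it answers a first attempt with a temporary 451 and accepts a retry after the delay. It goes one step beyond the comment by keying on the sender's /24 (or /64) network so that legitimate senders retrying from another host in the same pool still pass. The retry window, the pass lifetime and all addresses are assumptions.

```python
import ipaddress

DELAY = 3600            # the one-hour block described in the comment above
RETRY_WINDOW = 86400    # assumption: a retry must arrive within a day
PASS_TTL = 30 * 86400   # assumption: a triplet that passed stays trusted 30 days

ACCEPT = (250, "2.0.0 OK")
DEFER = (451, "4.7.1 Greylisted, please retry later")


class Greylist:
    def __init__(self, delay=DELAY, retry_window=RETRY_WINDOW, pass_ttl=PASS_TTL):
        self.delay, self.retry_window, self.pass_ttl = delay, retry_window, pass_ttl
        self.pending = {}  # triplet -> time of first attempt
        self.passed = {}   # triplet -> time of last accepted message

    @staticmethod
    def _triplet(client_ip, mail_from, rcpt_to):
        # Key on the sender's network rather than the exact IP: large providers
        # retry from another host in the same pool and would otherwise never pass.
        ip = ipaddress.ip_address(client_ip)
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        return (str(net), mail_from.strip().lower(), rcpt_to.strip().lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the (code, text) SMTP reply for one RCPT TO at time `now`."""
        key = self._triplet(client_ip, mail_from, rcpt_to)
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_ttl:
            self.passed[key] = now
            return ACCEPT
        self.passed.pop(key, None)
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now   # first contact, or a stale entry: start over
            return DEFER
        if now - first < self.delay:
            return DEFER              # retried too early; keep the original clock
        del self.pending[key]
        self.passed[key] = now
        return ACCEPT

    def purge(self, now):
        """Drop expired entries; return how many never-retried senders were dropped."""
        stale = [k for k, t in self.pending.items() if now - t > self.retry_window]
        for key in stale:
            del self.pending[key]
        for key in [k for k, t in self.passed.items() if now - t > self.pass_ttl]:
            del self.passed[key]
        return len(stale)


# Constructed timeline (seconds, client IP, MAIL FROM, RCPT TO); documentation ranges only.
TIMELINE = [
    (0,      "192.0.2.10",   "news@example.org", "me@example.net"),  # first contact
    (100,    "198.51.100.7", "spam@example.com", "me@example.net"),  # never retries
    (600,    "192.0.2.10",   "news@example.org", "me@example.net"),  # retry too early
    (3700,   "192.0.2.99",   "news@example.org", "me@example.net"),  # same /24, after delay
    (4000,   "192.0.2.10",   "news@example.org", "me@example.net"),  # already trusted
    (200000, "203.0.113.5",  "slow@example.org", "me@example.net"),  # first contact
    (290000, "203.0.113.5",  "slow@example.org", "me@example.net"),  # retry after window
    (293600, "203.0.113.5",  "slow@example.org", "me@example.net"),  # retry after delay
]


def run_timeline(greylist=None):
    greylist = greylist or Greylist()
    return [greylist.check(ip, sender, rcpt, now)[0] for now, ip, sender, rcpt in TIMELINE]


if __name__ == "__main__":
    print(run_timeline())
```

The sender that waits longer than the retry window is deferred a second time, which is the failure mode for legitimate servers that the comment points out.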
- kortilla 5 years agoIt’s a mail server. Traffic bursts aren’t really a thing unless you’re servicing thousands of users.
- danenania 5 years agoRight, I'm looking at this more as a potential backend for an email-heavy saas, in which case I think handling bursts without downtime could be pretty important. If you just need a mail server for yourself or a small company, I agree it's not an issue.
- giu 5 years agoJust a friendly reminder, since I've worked with SES in the past: Don't forget about bounces when using SES [0].
From [0]:
> If your bounce rate is 5% or greater, we'll place your account under review.
To sum it up, try to keep track of bounced e-mails by using the SES notifications [1].
[0] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/e-faq....
[1] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/monito...
- statictype 5 years agoWe accidentally had ses credentials set up on our QA server and quickly got banned for sending too many sdf@sdf.com emails. Took quite some time to get it unbanned. Since then we switched to Mailgun for email delivery but ses is still useful for processing incoming email via Lambda
- giu 5 years agoVery good point about sending test e-mails, which also reminds me of the next friendly reminder: SES has a Mailbox Simulator [0] where you can send e-mails to specific e-mail addresses and check the notifications you receive, e.g., bounces.
If you're using the SNS notifications [1], these notifications will be JSON objects [2]; you can then use a notification to extract the information needed, e.g. a bouncing e-mail address to be stored in a local registry in case of a bounce notification.
[0] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/mailbo...
[1] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/notifi...
[2] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/notifi...
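An added example of the bounce handling described in the two comments above (not code from the thread or from AWS): it unwraps the SES notification from the SNS envelope, stores bounced and complaining addresses in a local suppression registry, and compares a locally computed hard-bounce rate with the 5% figure quoted from the FAQ. The class name, the soft-bounce limit and the sample notifications are assumptions constructed for illustration.

```python
import json

REVIEW_THRESHOLD = 0.05  # "5% or greater" figure quoted from the SES FAQ in this thread
SOFT_BOUNCE_LIMIT = 3    # assumption: suppress after this many transient bounces


class BounceRegistry:
    """Local suppression list fed by SES notifications delivered through SNS."""

    def __init__(self):
        self.suppressed = {}   # normalized address -> reason
        self.soft_counts = {}  # normalized address -> transient bounce count
        self.sent = 0
        self.hard_bounces = 0

    @staticmethod
    def _norm(address):
        return str(address).strip().lower()

    def record_send(self, count=1):
        self.sent += count

    def may_send(self, address):
        return self._norm(address) not in self.suppressed

    def bounce_rate(self):
        # Local approximation: hard bounces divided by messages handed to SES.
        return self.hard_bounces / self.sent if self.sent else 0.0

    def at_review_risk(self):
        return self.bounce_rate() >= REVIEW_THRESHOLD

    def _suppress(self, addr, reason, newly):
        if addr and addr not in self.suppressed:
            self.suppressed[addr] = reason
            newly.append(addr)

    def handle_sns(self, raw_body):
        """Process one SNS HTTP body; return the addresses newly suppressed."""
        # Verifying the SNS message signature is out of scope for this sketch.
        try:
            envelope = json.loads(raw_body)
            if envelope.get("Type") != "Notification":
                return []  # e.g. SubscriptionConfirmation
            msg = json.loads(envelope["Message"])
            kind = msg.get("notificationType")
        except (TypeError, ValueError, KeyError, AttributeError):
            return []  # malformed input is ignored, never trusted
        newly = []
        if kind == "Bounce":
            bounce = msg.get("bounce", {})
            permanent = bounce.get("bounceType") == "Permanent"
            for rcpt in bounce.get("bouncedRecipients", []):
                addr = self._norm(rcpt.get("emailAddress", ""))
                if permanent:
                    self.hard_bounces += 1
                    self._suppress(addr, "hard bounce", newly)
                else:
                    count = self.soft_counts.get(addr, 0) + 1
                    self.soft_counts[addr] = count
                    if count >= SOFT_BOUNCE_LIMIT:
                        self._suppress(addr, "repeated soft bounce", newly)
        elif kind == "Complaint":
            for rcpt in msg.get("complaint", {}).get("complainedRecipients", []):
                self._suppress(self._norm(rcpt.get("emailAddress", "")), "complaint", newly)
        return newly


def _sns(ses_message):
    # Wrap an SES notification the way SNS delivers it: JSON inside "Message".
    return json.dumps({"Type": "Notification", "Message": json.dumps(ses_message)})


# Constructed sample input (not captured traffic).
SAMPLE_BODIES = [
    _sns({"notificationType": "Bounce", "bounce": {
        "bounceType": "Permanent", "bouncedRecipients": [
            {"emailAddress": "bounce@simulator.amazonses.com"},
            {"emailAddress": "Typo.User@Example.com "}]}}),
    _sns({"notificationType": "Bounce", "bounce": {
        "bounceType": "Transient",
        "bouncedRecipients": [{"emailAddress": "full@example.com"}]}}),
    _sns({"notificationType": "Complaint", "complaint": {"complainedRecipients": [
        {"emailAddress": "complaint@simulator.amazonses.com"}]}}),
    _sns({"notificationType": "Delivery", "delivery": {"recipients": ["ok@example.com"]}}),
    json.dumps({"Type": "SubscriptionConfirmation", "Message": "confirm"}),
    "not json at all",
]


def run_demo():
    registry = BounceRegistry()
    registry.record_send(20)  # constructed: 20 messages handed to SES
    for body in SAMPLE_BODIES:
        registry.handle_sns(body)
    return registry
```

Calling `may_send()` before every send keeps a QA or staging system from mailing an address that has already hard-bounced.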
- cyberferret 5 years agoWe are careful to use throwaway email addresses like randomusername@mailinator.com on our dev and staging servers so they still get delivered, but we can just forget about them.
Really interested to learn about the SES simulator address though (posted as a reply on this thread) - don't know how we missed that, and it would have really helped with early testing when we were developing the email queueing system on our app.
- laurentl 5 years agoWe configure all our test addresses to success@ses.amazon.com (or whatever the simulator address actually is) so we don’t spam or get banned by inadvertence
- abjKT26nO8 5 years agoI don't know anything about serverless --- to this day I fail to understand what this word is even supposed to mean. And the deployment diagram[1] sure looks complicated to me. I think I prefer old-school servers.
[1]: https://raw.githubusercontent.com/0x4447/0x4447-product-s3-e...
- throwGuardian 5 years agoThe benefits to using this approach over a traditional server are:
1. Someone else maintains the software running these services, including OS upgrades, security upgrades and patches, uptime monitoring, etc.
2. Since every logical component is an independent service, each scaling independently, any one single component is unlikely to become a bottle-neck while scaling. In traditional monolithic servers, you'll have to have contingency plans if you beat storage/network/CPU/RAM limits
3. The closest thing to this is to break up a monolithic email server into microservices and deploy them as independently scalable containers, which is a considerable engineering effort.
Assuming this works as advertised, you can go from zero to a full blown email service for organizations with thousands of people (assuming the stated AWS limits are lifted), in record time
- tuldia 5 years ago> 1. Someone else maintains the software running these services, including OS upgrades, security upgrades and patches, uptime monitoring, etc.
This is the standard marketing phrase echoed to promote serverless. By experience, I don't think it is valid. Packages like unattended-upgrades automate all this stuff.
Also, not being able to verify what the software is doing is scary and looks like a 10 steps backwards to me.
> 2. Since every logical component is an independent service, each scaling independently, any one single component is unlikely to become a bottle-neck while scaling. In traditional monolithic servers, you'll have to have contingency plans if you beat storage/network/CPU/RAM limits
Except when it comes with a bottle-neck by default. Running mail servers requires rather little resource.
> 3. The closest thing to this is to break up a monolithic email server into microservices and deploy them as independently scalable containers, which is a considerable engineering effort.
Why on earth? Have you seen the postfix architecture?
> Assuming this works as advertised, you can go from zero to a full blown email service for organizations with thousands of people (assuming the stated AWS limits are lifted), in record time.
I'm pretty sure one can have an up and running mail server while the "cloudformation" thingy will still be running :)
- xienze 5 years agoThe long and short of it is that “serverless” is all done on a pay-per-use basis. So is running a VM to host an email server — let’s say $5/month on the low end. With this setup you’d be paying pennies a month assuming normal personal usage. If you were running an email server for your Fortune 500 company, yeah this wouldn’t make sense. But for personal usage? Assuming SES isn’t on the shit list of Google et al this is fire-and-forget, and dirt cheap.
- steve76 5 years agoI'm working on a dat project implementation. If I could rely on the Nearby Connections API and SyncManager, I wouldn't need servers. The data would just go client to client and eventually hit the server which would be just another peer that can do things phones can't.
Serverless to me is abstracting all the cloud providers away for provisioning, and it's first class. If Lambda's down, whatever hardware you could build and ship to a data center is down too. I now have access to the same critical data center tools.
Also code completion. Take my code, and rewrite for performance and security. Run it on some OS that is always rewriting itself. I want the power not the grid.
- vidarh 5 years ago> Assuming this works as advertised, you can go from zero to a full blown email service for organizations with thousands of people (assuming the stated AWS limits are lifted), in record time
All the hard parts of doing that are in dealing with reputation, not in setting up a mail server or scaling it. I've run an e-mail service with ~2 million users on hardware with comparable CPU, memory and IO capacity to my current laptop in the past. Setting up the mail server was not the time consuming part.
And the reputation bit in this instance is handled by SES. If you put a regular mail server behind something like SES for outbound messages, that's simple too.
While I do see benefits to serverless, this seems to me to be a good demonstration of how it is still in a totally embryonic state when it comes to things like ease of use.
- notyourday 5 years ago> Assuming this works as advertised, you can go from zero to a full blown email service for organizations with thousands of people (assuming the stated AWS limits are lifted), in record time
As someone who has been in this industry for over 30 years from being a grunt to wearing CTO hats if there's one thing that my experience unquestionably taught me is that there's absolutely nothing ever works like it is advertised. Ever.
- robszumski 5 years agoI really think you can get a serverless experience with a radically different OS than we think of the set-it-and-forget-it Linux OSes. If you have an OS that is designed for self maintenance a lot of these problems go away, but your debugging experience isn't super different. I expand these thoughts here: https://robszumski.com/serverless-with-servers/
- darau1 5 years agoThis mentions that they're using S3 as the interface, and I'm not sure if SES provides POP/IMAP support for your email clients.
- scarface74 5 years agoI still fail to understand why 4 years in, people seem to be confused about the idea that definitions of words evolve over the years and that the computer industry has both been coining and adopting phrases.
But a quick Google search is all that it would take to “understand it”
- cddotdotslash 5 years agoNot a single post on Hacker News can use the term "serverless" without the exact same replies being posted every time. It's as if a certain portion of the HN crowd simply cannot fathom that a new term exists and is in use, and instead resort to the same, tired responses.
- rumanator 5 years ago> Not a single post on Hacker News can use the term "serverless" without the exact same replies being posted every time.
As a serverless skeptic/critic, the buzzword bingo aspect of serverless computing is far from being the problem, and it's a gross misrepresentation of the problems posed by serverless computing.
The main problem with server applications such as AWS lambda, along with lack of control, is how utterly expensive it becomes by enforcing a SaaS business model to simple function calls, and how convoluted and needlessly complex it becomes by having to resort to yet another premium service to simply manage workflows (see AWS step functions).
Suggesting that any criticism of the serverless fad is just old grumpy incompetent developers that are too dumb to understand the future and are too scared of being out of a job is a disingenuous attack on anyone who has the audacity of not falling behind a fad.
- bloopernova 5 years agoI think some folks are afraid of losing their jobs, so they lash out with snark.
- tuldia 5 years agoSeems that you edit your comment quite a bit, eh?
---
> Not a single post on Hacker News can use the term "serverless" without the exact same replies being posted every time.
Indeed.
> It's as if a certain portion of the HN crowd simply cannot fathom that a new term exists and is in use, and instead resort to the same, tired responses.
If it was only "a certain portion/crowd" it will have no responses at all.
I see more like:
"It's as if a certain portion of the HN crowd simply cannot fathom that servers exists and is easy to use, and instead resort to the same, tired responses."
- abjKT26nO8 5 years agoUnder this link I read:
> Serverless computing is a cloud-computing execution model in which the cloud provider runs the server, and dynamically manages the allocation of machine resources. Pricing is based on the actual amount of resources consumed by an application, rather than on pre-purchased units of capacity.
So I don't see too much of a difference from a VPS I pay for that will cost me more if I start using more network bandwidth.
But then I hear that you don't have ssh access and that your architecture is built around one specific vendor, so now you can't move to a different provider. Sounds like hell to me.
- scarface74 5 years agoIf I don’t have any messages in my queue/request to my API/messages in my stream, I am not paying for VMs or networking.
If I have thousands of messages in my queue, enough runtimes are started to handle the messages with the throughput I configure.
And as far as worrying about one vendor, the lock in boogeymen is vastly overrated. Once you have any type of scale, even if you are just using a bunch of VMs (and if you are you’re spending more money for a cloud provider than just using a colo without any of the benefits), once you have your data in the databases, network configurations, your security rules, your connection to the cloud provider with sitters Direct Connect, a site to site VPN, client to site VPNs for all of your developers, you’ve gone through security audits, etc. you’re for all intents and purposes locked in anyway where the pain of migration will be a multi month project with little to show for it.
It’s like all of those bushy tailed architects who are going to use the repository pattern and not use any database specific SQL just in case one day the CTO decides to move away from their six figure a year Oracle installation to MySQL.
- corobo 5 years agoI've found that "I don't even get what the word is supposed to mean" is someone's first experience with tech fear. In my experience (including my own personal anecdata) they tend to mean "I don't want to learn this new thing and because of that I'm worried I'll be left behind if everyone switches to this"
- scarface74 5 years agoI also don’t get this. I’ve been programming either professionally or personally for 30+ years. But this isn’t a new phenomenon.
Back in the early 90s you had an “Apple II Forever” movement with people still holding on to their 8 bit Apple //e’s while Apple and the rest of the world moved on.
- rumanator 5 years ago> I've found that "I don't even get what the word is supposed to mean" is someone's first experience with tech fear.
This is a gross misrepresentation of the actual problem affecting the "serverless" fad, which is the buzzword overload accompanied by a lack of objective definitions. Function-as-a-service (FaaS) is an objective, clear-cut concept, but "serverless computing" is supposed to be a more general term where FaaS is only a realization of the concept. Yet, by keeping the concept as a buzzword then the proponents actually avoid having to argue the merits and the advantages of this sort of architecture, thus contributing to the growing skepticism.
- abjKT26nO8 5 years agoAs I wrote in another comment, there is a world of software outside of web development. And I'm not especially fearful of being left behind. I spend almost all my free time learning new things. But I wouldn't really jump at the opportunity of learning something that locks me into a single company's services. Learning the fundamentals of computers seems like a much better use of my time.
- vsareto 5 years agoI can't wait until society swaps the meaning of left and right through memes
- wodny 5 years agoThe Ministry of Serverless (Miniless) is working on it.
- tuldia 5 years agoIndeed.
I suspect the "serverless" word was created due to the emotional appeal to a specific (majority) group that is strongly opinionated against having servers at all.
Reading from the README.md file:
> There are two major limitations with SES: For security reasons, AWS defaults to 200 emails sent per 24 hour period at a rate of 1 email/second. If you need to send more than that, you'll need to ask AWS to increase your limit. By default, you can't send emails to unverified addresses. If you'd like to be able to send (as opposed to just receiving), you'll need to reach out to AWS to remove this limitation from your account.
I see zero benefit in having complete vendor lock-in, non-sense limitations, seriously, with a $5 VPS can send at least 300 emails per minute.
- e12e 5 years agoI find these absurdly limited mail services strange. The one time I had to craft some "extra" email, was sending out surveys to an opt-in group for an EU project. There were some 10 000 recipients, and we had to send each a different email, in order to link responders with surveys (ie: a template email with description and an unique url of the form https://example.com/survey/123xyz).
Generating the emails in a naive loop and sending them via python took an insignificant amount of time - but in the end we worked out doing batches of 2000 at a time was easy enough - and with some help from the college that ran the email service (via exim) it all worked out (if you're going to send 10k mails in a day, it's nice to give your postmaster a heads up).
Hosting the mail server ourselves (using eg exim or postfix) would've worked too. Not sure about any of the spam-as-a-http-api services - even with custom domains they tend to have poor reputation, and they have these silly limits that mean they're not only not "auto scaling" - they're very low performance.
- mschuster91 5 years agoThe problem is spam. The big providers providing hosted emails do a lot of work to make sure the emails people send with them actually end up at the recipients inbox and not in spam quarantine - but that doesn't work if the provider is then used by spammers. So the limits are set to discourage spammers while making most use-cases for email still possible.
If one were to ask me what to do, I'd say emails should cost 0.1 cent each, to be paid to the recipient...
- tehbeard 5 years ago> non-sense limitations
Limitations to block bots setting up, spamming, then tearing down over and over to avoid filters.
It's easy enough to ask for a limit increase and you'd only likely run into issues as a new account with little billing history.
That said 100% agree in this solution being a poor choice w.r.t vendor lock in.
- kccqzy 5 years agoThe emails sent by your $5 VPS wouldn't stand a chance of actually being delivered to people's Gmail or Outlook mailboxes. Whereas SES actually works.
Also, it is incredibly easy to ask AWS support to increase the limit. A startup I worked with had only thousands of users; we told AWS about it and they gave us 5 million emails per 24 hours.
- tehbeard 5 years agoThey stand the same chance, just setup dkim and spf as any of the hundred guides will tell you how to.
Debate it on vendor lock in, reliability and out sourcing sysops, not on having to maybe manually set up some DNS records.
- progval 5 years agoI run my own email server, with no spam filter, and inspect where every spam comes from. I get a lot of spam from random shitty providers, but none from major VPS providers (Scaleway, Hetzner, Linode, Digital Ocean, ...) with the exception of OVH.
I do however get spam from Amazon SES a couple of times a month.
- tuldia 5 years ago> The emails sent by your $5 VPS wouldn't stand a chance of actually being delivered to people's Gmail or Outlook mailboxes.
The emails sent from my $5 VPS arrives in Gmail's priority box :)
- maxmalysh 5 years agoThis is FUD spread by hosted mail services.
- ldoughty 5 years agoAll those limits are removed within hours and are one time support ticket requests. AWS doesn't want every account to be instantly usable as a spam account if someone is compromised.
I think the more significant annoyance would be the lack of IMAP/POP, I don't see how that is addressed.
- Can_Not 5 years agoSES sending email pricing:
> $0.10 per 1,000
I don't think a single send email API counts as "vendor lock-in".
- JulianWasTaken 5 years agoIt's fairly simple, though maybe you mean you don't understand why it's good (or if it is), rather than what it is.
But all it means is "we manage the server, both physically but also its operating system, you just bring your application code and we'll run it".
- anonu 5 years agoServerless is beautiful. You just need to try some basic serverless concepts. Like run a website on S3.
But to your second point, I agree. the technical hurdle required to learn all the configuration and moving parts ... And then to know that this language is vendor specific... Makes it less palatable.
That's why I expect the cloud vendors to normalize their offerings over time. I should be able to take a CloudFormation template from aws and put it through Google's Deployment Manager
- bathtub365 5 years agoHow is running a website on S3 different from uploading your website to a shared hosting provider 20 years ago? How is it “beautiful”?
- anonu 5 years agoThat type of hosting didn't scale. You paid a flat fee for capped CPU and bandwidth.
Hosting today scales linearly in terms of resources and costs...
In addition you can hook up additional AWS services as your needs arise:
Add a CDN and deliver content to the edges, faster.
Add lambdas to handle regular updates to content, or basic authentication when users come in.
Monitor usage via Cloudwatch
Add in serverless API via API Gateway - and provides users more dynamic functionality.
Yes - the vendor lock-in is a major downside. Serverless isn't for everyone, neither are the big cloud vendors... YMMV.
- notyourday 5 years agoI'm afraid you are forgetting about developers today that had never uploaded a static website to a shared hosting provider.
- jdminhbg 5 years agoMy shared hosting provider 20 years ago didn't have a CDN and would fall over if I got too popular.
- bouncycastle 5 years ago"serverless" is just "managed hosting" under a new name, I believe.
- scarface74 5 years agoNo it’s not just managed hosting. Managed hosting still means there is a server to maintain, patch, and that it is always running.
- tyingq 5 years agoThere's a firecracker VM and a Linux OS under the Lambda. Both of which need to be maintained by Amazon.
Edit: "managed cgi-bin" is perhaps more apt.
- quantummkv 5 years agoSo it's essentially GoDaddy's side business where you uploaded some code using ftp and they took care of everything else?
- ighk77 5 years agoTo you. But the world has moved on from Apple 2e and now managed hosting is analogous to serverless.
See because only science has a concrete fixed point for measuring which is the speed of light.
Human culture is subjective buzzwords where the only relative fixed point is when they learned a term.
Serverless is “managed hosting 3.0”.
First there was bare metal, run your cage. Then ec2/traditional VMs. Now just an ephemeral thread.
Computer people need to stop thinking in terms used by product & marketing people. Reasoning around it from the perspective of how it’s implemented specifically helps with the understanding.
It’s a Linux OS wrapped in layers of UX to facilitate composition of services. Unix command line tools at scale.
Cloud provider is just an OS at scale. They handle CPU, memory, scheduling, etc., all the same things a desktop OS does from the end user perspective, using a different process model we don’t generally care about as end users
Hopefully OpenAPI will help normalize this interface. Who knows though. Rich people like to drag their feet when they think sticking with the status quo gives them an advantage. Bezos may feel like making it easy to copy paste away from his cloud is a shitty idea
- tyingq 5 years agoYour link, fixed: https://raw.githubusercontent.com/0x4447/0x4447-product-s3-e...
- choward 5 years agoMy biggest problem with the "serverless" term is that it's a solution to a few different problems conflated into one term.
* Not having to manage a server.
* Not having to have dedicated resources which can be wasteful.
* Having an architecture that scales.
When most people talk about serverless, they mean something that solves all three of those problems. When I think of serverless, I think it only needs to solve the first problem.
What if I don't want to manage a server, but I want dedicated resources? I just want to deploy a standard web app (written with node js for example) with a postgres backend and preallocated resources but without having to maintain a server? Is that serverless?
- im3w1l 5 years agoSounds like a webhost.
- rahuldottech 5 years agoYeah, it's a really dumb term.
> Serverless computing is a cloud-computing execution model in which the cloud provider runs the server
...so, there is a server? What's with the name, then?
- petercooper 5 years agoI don't get the faux-naivety over the term "serverless". Most modern cars have "keyless" unlocking and ignition, yet.. you still need a key present. You just don't have to think about or manipulate the key. Serverless is much the same.
- arkanciscan 5 years agoIt's like people who hold up snowballs and say there's no global warming.
- bdcravens 5 years agoYou may be shocked to find out that the infrastructure behind a wireless phone does indeed use wires.
- arno1 5 years agoProbably this means that there is no server you can SSH to nor need to maintain. It could probably be called a serverhostage/server-lock-in computing, where someone else keeps the _shared_ server(s) away from you and runs other people's, potentially harmful, instructions as well :-)
- rumanator 5 years ago> Probably this means that
Ok, so "serverless" is just a buzzword that doesn't really have a good meaning. That doesn't really matter. To me it's just easier and actually meaningful and objective to refer to services like AWS Lambda as "Function as a Service".
- shantly 5 years agoI remember serverless PHP. Shared, managed hosting, just add your code, Apache takes care of executing it once per request :-)
- AznHisoka 5 years agoSo how is it different than running it in the cloud?
- krapp 5 years ago>...so, there is a server? What's with the name, then?
The name is just a marketing gimmick. Absent any other context, "serverless" seems like it must be a paradigm shifting technology so sufficiently advanced that it renders servers obsolete, as if by magic.
It's the same sort of trick that people sometimes pull when they show off an application to "do x in 10 lines" (or some absurd low number), when the app is just making API calls to a remote server running several million LOC.
- MaxBarraclough 5 years agoIt's an annoying marketing term, sure enough, but the ideas it names aren't terrible. It's not always a mistake to pay someone else to take care of maintenance, scaling and security.
Perhaps managed service would be better?
- johannes1234321 5 years agoThere is no dedicated server for this. The engine picks a server and deploys the code as needed and terminates it if usage goes away.
Once the thing has no requests there is no more server where the code is deployed.
In a "normal" environment you have dedicated machines where the code is ready to run.
- kseistrup 5 years agoServerless: Somebody else's server
- ldoughty 5 years agoI would argue a better description is --
Serverless: abstracted services that don't require you to know or care about the underlying server.
It's still not perfect, sometimes you do need/want to know/care, but it's usually superficial -- e.g. what libraries are installed by default so I can optimize the build.
- scarface74 5 years agoNo, and this is why we have a bunch of old school Net ops guys who pass one certification, call themselves “cloud consultants”, do a bunch of lift and shifts and leave clients paying more than just using a colo.
- ldoughty 5 years agoServerless is an architectural and design strategy. Run away from anyone that claims EC2 is serverless.
You can't lift and shift to serverless... Period. The design choices are almost always breaking changes.
- manigandham 5 years agoIaaS = your data + code to run it + create servers to run the code.
PaaS = your data + code to run it. Servers automatically provided.
SaaS = your data. Code and servers are automatically provided.
Serverless is just another name for PaaS where you bring your code, which can be deployed as a single JS function in a text file or an entire container running anything.
- grepfru_it 5 years agoPaaS is a collection of SaaS's. Your platform is made up of x,y,z services. Your services are made up of x,y,z infrastructure.
- perlpimp 5 years agoHigher level of execution abstraction. With cloud execution granularity is an instance on a server somewhere that you have to deal with. With serverless execution granularity is your bit of code "function" and cloud now provides not only processor but also a software platform to execute your logic.
- k__ 5 years ago"the deployment diagram[1] sure looks complicated to me"
It's just very detailed.
It also includes all the CI/CD services/roles they used.
28 boxes alone are permissions related.
The stuff that runs in the end (like a server would) are 3 Lambda functions and an S3 bucket.
- jessaustin 5 years agoMaybe that tells us something about how complicated handling permissions on AWS might be?
- k__ 5 years agoI don't know.
You have a service and give it a role that has some permissions. If you want to have the minimal permissions you probably would at least end up with services*2 roles & policies if you write a custom policy for every role, so the service can't do more than needed.
I mean, you could probably calculate one role and one policy for all the stuff that runs, to make it really simple, but I don't think this will make it secure.
But, yes, I don't like IAM either.
I read some people don't even use it anymore, but I didn't find out what they are doing instead.
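An added illustration of the trade-off in the comment above, not part of the thread and not the project's code: a simplified IAM-style evaluator that compares one policy per function against a single merged policy. The bucket name, function names, prefixes and probe requests are constructed, and the evaluator assumes only `Effect`, `Action` and `Resource` with `*` wildcards (no conditions or principals).

```python
from fnmatch import fnmatchcase

# Constructed names: a hypothetical mail bucket and three hypothetical functions.
BUCKET = "arn:aws:s3:::example-mail-bucket"
SES_IDENTITY = "arn:aws:ses:us-east-1:111122223333:identity/example.com"


def allow(actions, resources):
    """Build a minimal Allow statement in IAM policy shape."""
    return {"Effect": "Allow", "Action": actions, "Resource": resources}


# One narrowly scoped policy per function (the "services*2" approach).
PER_FUNCTION = {
    "inbound": [allow(["s3:PutObject"], [f"{BUCKET}/Inbox/*"])],
    "converter": [
        allow(["s3:GetObject", "s3:PutObject"],
              [f"{BUCKET}/Inbox/*", f"{BUCKET}/Sent/*"]),
    ],
    "outbound": [
        allow(["s3:PutObject"], [f"{BUCKET}/Sent/*"]),
        allow(["ses:SendRawEmail"], ["*"]),
    ],
}

# The "one role and one policy for everything" alternative: the union of all
# statements, attached to every function.
SHARED = [stmt for stmts in PER_FUNCTION.values() for stmt in stmts]

# Constructed requests used to probe what each function can do.
PROBES = [
    ("s3:PutObject", f"{BUCKET}/Inbox/msg-1"),
    ("s3:GetObject", f"{BUCKET}/Inbox/msg-1"),
    ("s3:PutObject", f"{BUCKET}/Sent/msg-2"),
    ("s3:GetObject", f"{BUCKET}/Sent/msg-2"),
    ("s3:DeleteObject", f"{BUCKET}/Inbox/msg-1"),
    ("ses:SendRawEmail", SES_IDENTITY),
]


def _matches(statement, action, resource):
    # Action names are case-insensitive in IAM; resource ARNs are not.
    action_hit = any(fnmatchcase(action.lower(), a.lower())
                     for a in statement["Action"])
    resource_hit = any(fnmatchcase(resource, r) for r in statement["Resource"])
    return action_hit and resource_hit


def is_allowed(statements, action, resource):
    """Explicit Deny wins, otherwise an Allow must match, default is deny."""
    matching = [s for s in statements if _matches(s, action, resource)]
    if any(s["Effect"] == "Deny" for s in matching):
        return False
    return any(s["Effect"] == "Allow" for s in matching)


def excess_grants(function_name):
    """Probes a function passes only because it carries the shared policy."""
    own = PER_FUNCTION[function_name]
    return [(action, resource) for action, resource in PROBES
            if is_allowed(SHARED, action, resource)
            and not is_allowed(own, action, resource)]


def report():
    return {name: excess_grants(name) for name in PER_FUNCTION}


if __name__ == "__main__":
    for name, extra in report().items():
        print(f"{name}: {len(extra)} extra grant(s) under the shared policy")
        for action, resource in extra:
            print(f"  {action} on {resource}")
```

With the merged policy, the function that only needs to write incoming mail can also read stored mail and send through SES, which is the extra exposure a per-function role removes.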
- genezeta 5 years agoOne of the things that characterizes our culture in Cybernus is language.
As we aimed to be an ever evolving civilization, it was decided that our language should then be, also, ever evolving. Once a month, during The Update -our most significant celebration where new discoveries, thought trends, etc, were presented to the population at large- a time was reserved for the ritual of language renovation. A number of random words, somewhere in the range of 30 to 50, were marked as outdated while a similar number, again from 30 to 50, of new words was introduced into the language as the words to show you were current with your civic duties of evolution and progress.
Usage of so called outdated words wasn't re-classified as a crime until much later, and only as a way to better enforce the goal of Continuous Progress. For some time you were just seen as an outcast or simply as one of the billions of poor people. Poverty was not so much defined in economic terms mainly because it wouldn't have meant much, with what happened in 2043 and all that. Instead being poor now meant you were someone that did not have access to enough information to participate in the careless happiness of Continuous Progress. But as I said, not keeping up with language evolution is now considered an offence and repeat offenders are forced to undergo re-adjustment.
Of course, after a short period of going through this, it was noticed that it's not so easy to continuously come up with new words and not make the language an unintelligible garble. And so words are recycled rather than discarded, which was a wasteful and unsustainable thing to do anyway.
-- Excerpt from "A Visitor in Cybernus" - a "recollection of future history" from Sean M. Ferion. 2007. Sadly out of print and very difficult to find.
- tomc1985 5 years agoIt means you string a bunch of shit together via aws lambda instances and docker microservices
If it's any consolation, at this year's Vegas AWS love-fest, most people started walking out once the Amazon presenter started talking 'serverless' recipes
- reaperducer 5 years ago> to this day I fail to understand what this word is even supposed to mean
It means the same thing as "cloud:" You're renting someone else's server.
- docuru 5 years agoA fancy word for “hosting for modern web/app”
- Waterluvian 5 years agoServerless = Managed Server
- scrollaway 5 years agoManaged on-demand server, specifically.
- chrischattin 5 years agoThe term serverless is such a misnomer.
While this is a cool project, you'd use 3 different servers at a minimum here.
- rospaya 5 years agoServerless doesn't have a server like wireless doesn't have cables. It does, but you don't manage it.
- sfifs 5 years agoIt's pretty well understood by now that serverless is meant to connote that you (the firm owning the application) don't manage the server(s). Someone else does it while you just bring your application code.
- chrischattin 5 years agoCorrect. It is a misleading term, imo.
- scarface74 5 years agoDo you also complain when people say they have a “bug” in their code or that they have a “server farm”? Are they literally watering the server floor and waiting for computers to grow?
- chrischattin 5 years agoNot at all. It's in this case, using the term serverless is akin to calling cloud based software (Google Docs, TurboTax, etc) softwareless. It's closer to calling a stop sign a "go sign" than descriptors from your example. Calling managed servers "serverless" is distinctively misleading.
- wodny 5 years agoThere is a huge difference between a metaphor (resemblance) and contradiction (stating it is and isn't something at the same time).
- kcdev 5 years agoI think and hope this guy is trolling. If not he will be left behind if a back end dev. Even if you have "real" servers this is how your micro services should be built.
- abjKT26nO8 5 years ago> I think and hope this guy is trolling. If not he will be left behind if a back end dev.
There is a world of software outside of the web-development bubble. Just saying.
- primitivesuave 5 years agoThanks for putting this together and documenting it so well. I’ve had to build this solution twice now, and far less elegantly.
The S3 PUT charges caught me off guard the first time (receiving lots of marketing/spam email will cost $1/1000 emails). I ended up putting small emails up to 400 kB in DynamoDB and only using S3 for large emails and attachments, which could be a means of cost reduction in this solution as well.
- mactunes 5 years agoHonest question: how did you arrive at 1$/1000 mails? When I look at S3 pricing it says 0.005$/1000 PUTs.
Are there a lot of requests made or am I missing something else?
- Cyph0n 5 years agoI’ve been working on a small side project that involves processing incoming email. In particular, it’s an app that needs to do something for each email it receives from (hopefully paying!) users.
I am not interested in storing user mail, so SES is just too costly, at least according to a quick worst-case calculation.
That leaves me with two options:
1. Self-hosted Postfix
2. Mail service like Mailgun
With (1), there is no need to worry about overages, but scaling the mail server might be challenging.
The advantage of (2) over SES is that you are only charged a flat fee for each email, regardless of size. Emails are then automatically deleted after some period of time. Scaling up and down is easy.
For now, I am using Mailgun, but I am writing the mail processing daemon in a way that will make it easy to transition to Postfix, if needed.
Also, I decided to write the mail processing backend in Rust, so I’ve been learning the language as I go!
- tuldia 5 years ago> I’ve been working on a small side project that involves processing incoming email. In particular, it’s an app that needs to do something for each email it receives from (hopefully paying!) users.
I wish you all the best! Mind if I ask for the link?
> With (1), there is no need to worry about overages, but scaling the mail server might be challenging.
Honestly, quite the opposite.
1. Duplicate your MX box.
2. Duplicate your MX record.
That is it :)
> I am writing the mail processing daemon ... in Rust...
You might like to take a look at https://github.com/mailman/mailman for ideas/inspiration. It's a great tool for processing emails too, but cannot deny I'm now curious to see what one in Rust will look like.
- Cyph0n 5 years agoThanks! No link yet, but there is a messy GH repo: https://github.com/aksiksi/vaulty
Yes, I only learned about MX record priorities last night haha. With Postfix, the most straightforward way to run code on receiving an email seems to be through a pipe filter. Running multiple filter processes probably requires a beefy server.
Thanks for that link! I might just use a similar approach to allow users to configure how to receive emails (HTTP or stdin, etc.).
- unilynx 5 years agoThen limit the number of filters... you can have postfix run a fixed number of smtpd processes, and each process handles only one message at a time.
When they're all full, your server will just stop handling messages, but SMTP will retry anyway, giving you plenty of time to scale up if the load is consistently too high
- tuldia 5 years agoThanks for the link!
Seems like a really fun project.
> I only learned about MX record priorities last night haha.
Nice!
> With Postfix, the most straightforward way to run code on receiving an email seems to be through a pipe filter.
True.
Take a look into LMTP, you may be able to "read the email" directly from your rust daemon (via unix socket or tcp) :)
- woutr_be 5 years agoI’m actually doing something similar, I opted for SES, S3 and Lambda, I am a bit worried about costs, especially when I need to scale up, and handle larger emails.
- Cyph0n 5 years agoYeah, SES is not cheap for scenarios where you expect to handle larger emails.
- wiradikusuma 5 years agoI thought SES is the cheapest of all since it's the lowest level? (Compared to Mailgun etc)
- Cyph0n 5 years agoNo, especially if you’re expecting emails with large attachments.
SES charges $0.09 per 1000 mail “chunks”, where a chunk is 256 Kb of data. This is on top of the base SES fee and S3 operation and storage fees.
- jdub 5 years agoBut it only charges for each complete chunk. So < 256KB is free, 256KB is $0.09/1000, etc.
- wolco 5 years agoMailgun would seem cheaper than this.
I use Postfix/dovecot to self host.
- coding123 5 years agoSeems like a crazy amount of architecture. Does AWS keep all this stuff organized in some way, or will my personal experiments in Lambda accidentally break this because it's all merged together?
Say I've installed this.
I now want to write my own Lambda service to handle contact form POSTs or something. Then I decide to delete it, but I accidentally delete one of these crazy email things. What happens?
- drwiggly 5 years agoYou can make "new" sub accounts from your main account. If you wanted to segregate it completely.
- theqult 5 years ago> this day there's no easy way to have a full email server without the overhead of installing and configuring all servers needed to handle incoming and outgoing messages.
- anonu 5 years agoNow someone just needs to create a serverless (aka client side or browser only) Gmail like interface you can host on S3.
And the shackles will be broken...
- arno1 5 years agohttps://www.rainloop.net ?
Anyway, what is the point in moving from one Giant to another Giant? :-) Unless it saves the cost, I don't see the benefit of such hassle.
- Normal_gaussian 5 years agoMost serverless offerings are somewhat compatible with a pitcher of greasing. It would be a doable exercise to duplicate this codebase for a few other platforms.
- eeZah7Ux 5 years ago> shackles will be broken
By tying your entire email system to a single cloud provider?
This is lock-in on steroids. (Oh, and zero privacy)
- insomniacity 5 years agoI'm missing something - how are people reading this in an email client if it doesn't have IMAP support?
- geek_at 5 years agoI think the bigger problem is that you can up their bill by spamming them
- arkanciscan 5 years agoIt seems that you are expected to read email by viewing the contents of the S3 bucket. That's a pretty big caveat.
- TheSpiciestDev 5 years agoMy take away is that you'd be able to receive your emails and customize the handling of every email.
i.e. emails are received and put into specific buckets/folders and then, per message, a process is triggered to do something unique (put into database, forward to another IMAP'ed box, etc.)
- bsder 5 years agoPlease don't use '+' for special purposes in email addresses without making it changeable (I recommend '_' instead).
Yes, it is "nominally" accepted--in reality there are too many websites that "validate" email addresses and barf on '+'.
- newman8r 5 years agoIf you only need to read the emails from S3, take a look at this project https://github.com/mewa/s3abird
- lowdose 5 years agoYes this is legit! Got it to work on a throwaway domain under 30 minutes.
- whatsmyusername 5 years agoYou can get receive at any address on a domain forwarded to whatever email you want if you're registered with Monicker.
I imagine most other registrars offer the same thing.
- glandium 5 years agoNote that SES only retries delivery for a fixed 840 minutes (not configurable), which is an annoyingly too short amount of time.
- Boulth 5 years agoWow, this is cool! JSON structures resemble JMAP. I wonder what'd be the effort to add JMAP endpoint to this?
- chrismorgan 5 years agoJMAP is a radically different beast. The similarities between this thing’s JSON format for sending and JMAP’s Email data type are superficial only: they’re both JSON and are representing the same thing, so it should be no surprise that they look similar. But that’s a quite tiny part of what JMAP is: JMAP is an object synchronisation protocol. (And this is why JMAP is so much more complex than the typical REST API. And why I prefer it so much.)
I also think the JSON here is only for sending, not for receiving—I presume that you’ll receive the MIME message, because otherwise you’d be throwing away all kinds of essential information.
All of this gets you basically nowhere along the path to JMAP, and achieving a JMAP endpoint would be a lot of effort. This project doesn’t look to be at all suitable as a base for such an endeavour. Things like sorting (e.g. newest first), querying (e.g. emails from so-and-so) and JMAP’s state management (so the server can tell you “something changed” and you can ask the server to tell you what changed since x, rather than needing to throw everything away and start again) don’t work well within the design of this system—you need to store lots of extra details along the way, maintaining indexes and other such things.
For such an endeavour, I would instead recommend either wrapping an existing mail server in serverless voodoo (much of which I expect to be not too hard: you’re essentially just replacing ingress and egress and not running it as a daemon; but there will be architecturally difficult parts like getting push channels working probably), or starting new mail server software from scratch designed to be able to work serverless.
(I work for Fastmail on our webmail. I have general knowledge of how mail servers work internally, but little specific knowledge; for example, I have no idea how amenable Cyrus, which we use and develop, would be to serverless packaging.)
- Boulth 5 years agoThank you for your detailed in depth response!
For the record it seems this does some basic processing:
> The Inbox or Sent folder triggers another Lambda function that loads the raw email, converts it to a .html and .txt file, and stores it alongside the original message, while storing any attachments in the attachments.
This looks OK for me having clients do indexing and processing. From your description it seems JMAP chose different tradeoffs and puts more services on the server side.
- chrismorgan 5 years agoThis project seems to be designed more for a process-and-delete workflow, whereas JMAP is designed as a general-purpose object synchronisation protocol on which you can build arbitrary email clients.
- smokeyfish 5 years agoJMAP as in the JSON Meta Application Protocol?
- coder1977 5 years agoHow does this compare to setting up something like sendy (sendy.co) on lightsail and connecting to SES?
- raoulbhatia 5 years ago... and I thought about a similar thing (Email server using Lambdas) just yesterday ... ^^
- z3t4 5 years agoWhat about email signing?
- eeZah7Ux 5 years agoAfter surrendering all your data to a cloud provider?
- vidarh 5 years agoSigning e-mail serves two different purposes:
Authenticating the actual sender vs. authenticating the server or service controlling the domain for reputation purposes.
If you trust Amazon enough to use their cloud services, there's little reason not to trust them for the latter. Doesn't mean trusting them with respect to the former.
Things like DKIM make no assertion that the content was sent by the right person; just that whoever controls the domain has trusted the service in question to send e-mail on their behalf.
- z3t4 5 years agoMaking the data someone else's problem. :P One cool thing with the cloud is that you can work with the data without it leaving the "cloud". If the consumer of the data, eg the e-mail client is also in the cloud, it really doesn't matter where the HDD is located.
- eivindga 5 years agoCool project! I'll make sure to test it someday.
Thanks for sharing!