1 00:00:00,000 --> 00:00:02,280 This deep dive is supported by Safe Server. 2 00:00:02,280 --> 00:00:07,480 And expensive proprietary email and cloud services 3 00:00:07,480 --> 00:00:10,000 from vendors like Microsoft or Google, 4 00:00:10,000 --> 00:00:12,920 they can really, really eat into an organization's budget. 5 00:00:12,920 --> 00:00:13,920 Oh, absolutely. 6 00:00:13,920 --> 00:00:16,020 It's a massive line item for most places. 7 00:00:16,020 --> 00:00:16,760 Right. 8 00:00:16,760 --> 00:00:19,360 But it turns out many of these expensive services 9 00:00:19,360 --> 00:00:21,800 can actually be replaced by open source solutions, 10 00:00:21,800 --> 00:00:23,920 like the one we're discussing today, 11 00:00:23,920 --> 00:00:26,640 which can result in just massive cost savings. 12 00:00:26,640 --> 00:00:29,280 Yeah, and cost isn't even the only factor here, right? 13 00:00:29,280 --> 00:00:29,800 Exactly. 14 00:00:29,800 --> 00:00:33,720 When you're dealing with legal, regulatory, or compliance 15 00:00:33,720 --> 00:00:37,000 requirements, things like strict email retention, data 16 00:00:37,000 --> 00:00:40,720 protection, financial records, audit trails, data sovereignty 17 00:00:40,720 --> 00:00:42,160 is just absolutely critical. 18 00:00:42,160 --> 00:00:42,660 Right. 19 00:00:42,660 --> 00:00:44,120 You need total control over your data. 20 00:00:44,120 --> 00:00:44,760 You do. 21 00:00:44,760 --> 00:00:46,340 You need to know exactly where it lives. 22 00:00:46,340 --> 00:00:48,180 Not just cross your fingers and hope 23 00:00:48,180 --> 00:00:50,920 it's safe on some tech giant server farm out 24 00:00:50,920 --> 00:00:52,000 in the desert somewhere. 25 00:00:52,000 --> 00:00:54,560 Yeah, hoping is exactly a great security strategy. 26 00:00:54,560 --> 00:00:55,880 No, it's really not. 27 00:00:55,880 --> 00:00:57,680 And that's where Safe Server comes in. 28 00:00:57,680 --> 00:00:59,920 They help organizations find and implement 29 00:00:59,920 --> 00:01:03,960 the right open source solution for their exact needs, 30 00:01:03,960 --> 00:01:07,160 taking you from initial consulting 31 00:01:07,160 --> 00:01:10,160 all the way through to operation on highly secure German 32 00:01:10,160 --> 00:01:10,680 servers. 33 00:01:10,680 --> 00:01:12,260 Which is a huge piece of mind. 34 00:01:12,260 --> 00:01:13,040 Totally. 35 00:01:13,040 --> 00:01:15,640 So you can find more information and get started 36 00:01:15,640 --> 00:01:18,280 at www.safeserver.de. 37 00:01:18,280 --> 00:01:19,840 Highly recommend checking them out. 38 00:01:19,840 --> 00:01:22,280 So OK, let's unpack a scenario that 39 00:01:22,280 --> 00:01:24,600 is probably happening in an office building near you 40 00:01:24,600 --> 00:01:25,880 right this very second. 41 00:01:25,880 --> 00:01:27,360 Oh, I bet I know where this is going. 42 00:01:27,360 --> 00:01:27,920 Right. 43 00:01:27,920 --> 00:01:29,200 So picture this. 44 00:01:29,200 --> 00:01:33,280 Deep in a server closet, there's this reliable, incredibly 45 00:01:33,280 --> 00:01:35,800 expensive piece of hardware. 46 00:01:35,800 --> 00:01:39,640 Maybe it's a heavy duty legacy scanner or a massive APC 47 00:01:39,640 --> 00:01:40,560 network switch. 48 00:01:40,560 --> 00:01:41,600 Built like a tank, right? 49 00:01:41,600 --> 00:01:42,480 Exactly. 50 00:01:42,480 --> 00:01:44,880 And for a decade, it has worked flawlessly. 51 00:01:44,880 --> 00:01:47,360 Just silently doing its job, shooting off 52 00:01:47,360 --> 00:01:49,720 an automated email alert to the IT department 53 00:01:49,720 --> 00:01:51,440 whenever something needs attention. 54 00:01:51,440 --> 00:01:53,920 A low tone or warning for a temperature spike, yeah. 55 00:01:53,920 --> 00:01:54,960 Yeah, exactly. 56 00:01:54,960 --> 00:01:57,640 Then today, it just goes dark. 57 00:01:57,640 --> 00:01:59,040 The email's completely stopped. 58 00:01:59,040 --> 00:02:00,120 Just out of nowhere. 59 00:02:00,120 --> 00:02:00,920 Yeah, right. 60 00:02:00,920 --> 00:02:02,280 And the machine isn't broken. 61 00:02:02,280 --> 00:02:03,600 The network isn't down. 62 00:02:03,600 --> 00:02:07,200 It has simply been locked out of the modern internet. 63 00:02:07,200 --> 00:02:11,120 Yeah, and I mean, we see this exact frustration playing out 64 00:02:11,120 --> 00:02:13,840 all over the user reviews we pulled from SourceForge 65 00:02:13,840 --> 00:02:14,800 for today's Deep Dive. 66 00:02:14,800 --> 00:02:15,640 It's everywhere. 67 00:02:15,640 --> 00:02:16,400 It really is. 68 00:02:16,400 --> 00:02:18,000 People are just pulling their hair out 69 00:02:18,000 --> 00:02:21,200 because a $10,000 piece of infrastructure 70 00:02:21,200 --> 00:02:25,920 suddenly can't send a simple PDF or a basic warning message. 71 00:02:25,920 --> 00:02:28,320 And the culprit is usually just a policy change 72 00:02:28,320 --> 00:02:29,800 at a major cloud provider, right? 73 00:02:29,800 --> 00:02:33,520 Exactly, which is exactly what our mission is today. 74 00:02:33,520 --> 00:02:35,560 We are taking a stack of sources, 75 00:02:35,560 --> 00:02:37,640 a highly detailed technical user guide, 76 00:02:37,640 --> 00:02:39,920 and those real-world SourceForge reviews 77 00:02:39,920 --> 00:02:43,240 to basically demystify a tool called Email Relay. 78 00:02:43,240 --> 00:02:44,160 Email Relay, OK. 79 00:02:44,160 --> 00:02:46,400 Yeah, the documentation calls it a lightweight store 80 00:02:46,400 --> 00:02:48,280 and forward mail server and proxy. 81 00:02:48,280 --> 00:02:50,120 Store and forward. 82 00:02:50,120 --> 00:02:52,080 OK, so our goal today is to translate that 83 00:02:52,080 --> 00:02:55,400 into plain English to explain why you might desperately need it 84 00:02:55,400 --> 00:02:59,000 without even realizing it and explore how it actually 85 00:02:59,000 --> 00:02:59,960 works under the hood. 86 00:02:59,960 --> 00:03:02,680 Right, because if we look at why that scanner in the closet 87 00:03:02,680 --> 00:03:05,880 went dark, it really comes down to how email fundamentally 88 00:03:05,880 --> 00:03:06,600 works. 89 00:03:06,600 --> 00:03:08,040 OK, break that down for us. 90 00:03:08,040 --> 00:03:10,800 So in the old days, devices used a protocol 91 00:03:10,800 --> 00:03:14,960 called Simple Mail Transfer Protocol, SMTP. 92 00:03:14,960 --> 00:03:16,760 Right, SMTT. 93 00:03:16,760 --> 00:03:17,880 Still hear that a lot. 94 00:03:17,880 --> 00:03:19,360 Yeah, and back then, they would just 95 00:03:19,360 --> 00:03:22,040 shoot an unauthenticated message onto the network. 96 00:03:22,040 --> 00:03:24,840 It was basically like dropping a postcard in a mailbox 97 00:03:24,840 --> 00:03:26,080 without a return address. 98 00:03:26,080 --> 00:03:28,200 Just trusting the system to deliver it. 99 00:03:28,200 --> 00:03:29,200 Exactly. 100 00:03:29,200 --> 00:03:32,120 But today, because of the massive volume of spam 101 00:03:32,120 --> 00:03:34,800 and security threats out there, big providers 102 00:03:34,800 --> 00:03:37,960 like Microsoft 365 or Google Workspace, 103 00:03:37,960 --> 00:03:39,960 they're actively blocking that kind of traffic. 104 00:03:39,960 --> 00:03:40,780 Oh, wow. 105 00:03:40,780 --> 00:03:42,720 So they just reject the postcard entirely. 106 00:03:42,720 --> 00:03:44,880 Yep, they demand modern authentication. 107 00:03:44,880 --> 00:03:47,040 They demand secure encrypted connections. 108 00:03:47,040 --> 00:03:48,840 OK, so the legacy device is standing there 109 00:03:48,840 --> 00:03:51,480 trying to hand over a plain, handwritten postcard. 110 00:03:51,480 --> 00:03:54,400 And Microsoft 365 is just standing like a bouncer, 111 00:03:54,400 --> 00:03:56,800 demanding a government ID and a retina scan. 112 00:03:56,800 --> 00:03:58,320 That's a great way to put it, yeah. 113 00:03:58,320 --> 00:03:59,720 The old hardware just doesn't speak 114 00:03:59,720 --> 00:04:00,960 that modern security language. 115 00:04:00,960 --> 00:04:03,000 It literally cannot provide the credentials 116 00:04:03,000 --> 00:04:04,480 the cloud provider is asking for. 117 00:04:04,480 --> 00:04:07,080 Which leaves IT departments with a pretty terrible choice, 118 00:04:07,080 --> 00:04:07,840 right? 119 00:04:07,840 --> 00:04:09,160 Oh, the worst. 120 00:04:09,160 --> 00:04:12,400 You either replace perfectly good, incredibly expensive 121 00:04:12,400 --> 00:04:15,680 hardware just to get email alerts working again, 122 00:04:15,680 --> 00:04:17,680 or you somehow bridge the gap. 123 00:04:17,680 --> 00:04:18,560 Bridge the gap. 124 00:04:18,560 --> 00:04:21,000 Yeah, and that is where Email Relay comes in 125 00:04:21,000 --> 00:04:22,520 as the sort of middleman. 126 00:04:22,520 --> 00:04:27,160 You just install it quietly on a local Windows or Linux machine 127 00:04:27,160 --> 00:04:28,560 inside your own network. 128 00:04:28,560 --> 00:04:29,960 I like to think of it as a highly 129 00:04:29,960 --> 00:04:32,000 efficient bilingual courier. 130 00:04:32,000 --> 00:04:32,920 Oh, I like that. 131 00:04:32,920 --> 00:04:34,880 Right, because you tell your old scanner, hey, 132 00:04:34,880 --> 00:04:36,560 don't try to talk to Microsoft anymore. 133 00:04:36,560 --> 00:04:37,920 You're just going to confuse them. 134 00:04:37,920 --> 00:04:40,640 Just hand your simple, unauthenticated postcard 135 00:04:40,640 --> 00:04:43,160 to Email Relay right here on the local network. 136 00:04:43,160 --> 00:04:44,120 Exactly. 137 00:04:44,120 --> 00:04:46,840 And then Email Relay takes that basic message, 138 00:04:46,840 --> 00:04:49,840 packages it up into a highly secure envelope, 139 00:04:49,840 --> 00:04:52,520 stamps it with all the proper modern credentials. 140 00:04:52,520 --> 00:04:53,880 Applies the right encryption. 141 00:04:53,880 --> 00:04:55,920 Yes, applies the encryption, and then it turns around 142 00:04:55,920 --> 00:04:58,360 and hands it off to the strict upstream provider. 143 00:04:58,360 --> 00:05:01,480 And because it sits locally, your legacy device 144 00:05:01,480 --> 00:05:04,040 never even has to navigate the open internet. 145 00:05:04,040 --> 00:05:05,080 Never. 146 00:05:05,080 --> 00:05:07,160 Email Relay catches those local emails, 147 00:05:07,160 --> 00:05:09,360 holds onto them, or spools them, as they 148 00:05:09,360 --> 00:05:11,080 say if the internet happens to be down, 149 00:05:11,080 --> 00:05:13,640 and securely relays them when the connection is open. 150 00:05:13,640 --> 00:05:15,720 It just completely solves the authentication problem. 151 00:05:15,720 --> 00:05:16,440 It really does. 152 00:05:16,440 --> 00:05:17,880 It's so elegant. 153 00:05:17,880 --> 00:05:21,080 But here is where it gets really interesting for me, though. 154 00:05:21,080 --> 00:05:25,080 If you're running a busy office, or like a hospital, 155 00:05:25,080 --> 00:05:27,720 or a massive warehouse, you might 156 00:05:27,720 --> 00:05:31,560 have hundreds of these legacy devices sending 157 00:05:31,560 --> 00:05:33,040 thousands of alerts a day. 158 00:05:33,040 --> 00:05:33,680 Oh, easily. 159 00:05:33,680 --> 00:05:34,240 Thousands. 160 00:05:34,240 --> 00:05:38,120 So if Email Relay is the sole middleman for all that traffic, 161 00:05:38,120 --> 00:05:41,680 you'd probably assume it has to be this loaded, resource heavy 162 00:05:41,680 --> 00:05:43,240 monster of a program. 163 00:05:43,240 --> 00:05:45,560 You'd need a dedicated server just to keep up. 164 00:05:45,560 --> 00:05:46,120 Right. 165 00:05:46,120 --> 00:05:47,280 That would be the assumption. 166 00:05:47,280 --> 00:05:49,120 But the manual spends a lot of time 167 00:05:49,120 --> 00:05:51,920 emphasizing how incredibly lightweight it is. 168 00:05:51,920 --> 00:05:53,680 So how is it moving all this traffic 169 00:05:53,680 --> 00:05:57,240 without just melting the RAM on whatever computer is running it? 170 00:05:57,240 --> 00:05:59,080 Well, it all comes down to the architecture. 171 00:05:59,080 --> 00:06:01,280 The documentation details that Email Relay 172 00:06:01,280 --> 00:06:03,680 runs as a single process using what's 173 00:06:03,680 --> 00:06:06,240 called a non-blocking I slash O model. 174 00:06:06,240 --> 00:06:06,880 OK, wait. 175 00:06:06,880 --> 00:06:08,880 Non-blocking IO. 176 00:06:08,880 --> 00:06:10,840 That is exactly one of those phrases 177 00:06:10,840 --> 00:06:13,520 that makes beginners want to run for the hills. 178 00:06:13,520 --> 00:06:14,000 I know. 179 00:06:14,000 --> 00:06:14,500 I know. 180 00:06:14,500 --> 00:06:15,620 It sounds super technical. 181 00:06:15,620 --> 00:06:17,880 What does that actually look like in practice? 182 00:06:17,880 --> 00:06:20,240 OK, think of a traditional blocking server, 183 00:06:20,240 --> 00:06:21,980 like a cashier at a grocery store. 184 00:06:21,980 --> 00:06:22,940 OK, cashier. 185 00:06:22,940 --> 00:06:26,800 The cashier takes one customer, scans their items, 186 00:06:26,800 --> 00:06:30,020 waits for them to pay, and hands them their receipt. 187 00:06:30,020 --> 00:06:32,380 The entire line behind them is blocked, 188 00:06:32,380 --> 00:06:34,520 waiting for that single transaction to finish. 189 00:06:34,520 --> 00:06:35,020 Right. 190 00:06:35,020 --> 00:06:36,560 And if that customer takes five minutes 191 00:06:36,560 --> 00:06:38,060 to dig around for their credit card, 192 00:06:38,060 --> 00:06:40,100 everyone else just stands there glaring. 193 00:06:40,100 --> 00:06:43,160 Exactly, which is incredibly inefficient 194 00:06:43,160 --> 00:06:45,820 if you have 1,000 people trying to check out at once. 195 00:06:45,820 --> 00:06:47,180 OK, so that's a blocking model. 196 00:06:47,180 --> 00:06:47,700 Right. 197 00:06:47,700 --> 00:06:51,100 A non-blocking model is more like a master chess player 198 00:06:51,100 --> 00:06:52,900 walking down a line of 50 different games. 199 00:06:52,900 --> 00:06:56,500 Oh, like a grandmaster doing a simultaneous exhibition. 200 00:06:56,500 --> 00:06:57,400 Yes. 201 00:06:57,400 --> 00:07:00,100 They look at board one, make a move, 202 00:07:00,100 --> 00:07:02,580 and instantly walk to board two. 203 00:07:02,580 --> 00:07:05,260 They don't stand there waiting for the first opponent to think. 204 00:07:05,260 --> 00:07:06,620 Right, they just keep moving. 205 00:07:06,620 --> 00:07:09,080 They continuously cycle through, handling 206 00:07:09,080 --> 00:07:11,580 whichever connection is ready for the next step. 207 00:07:11,580 --> 00:07:15,300 An email relay uses this exact same architecture. 208 00:07:15,300 --> 00:07:16,620 That makes so much sense. 209 00:07:16,620 --> 00:07:18,820 And it's actually the same model used 210 00:07:18,820 --> 00:07:24,060 by massive enterprise-grade web tools like Nginx, 211 00:07:24,060 --> 00:07:26,900 which handle millions of simultaneous website visitors. 212 00:07:26,900 --> 00:07:27,720 Wow. 213 00:07:27,720 --> 00:07:29,900 So it's juggling all these incoming alerts 214 00:07:29,900 --> 00:07:32,580 and outgoing cloud connections concurrently 215 00:07:32,580 --> 00:07:34,540 without ever pausing the whole system 216 00:07:34,540 --> 00:07:36,980 to wait for one slow email to send. 217 00:07:36,980 --> 00:07:37,640 Exactly. 218 00:07:37,640 --> 00:07:39,420 And to make it even more efficient, 219 00:07:39,420 --> 00:07:41,340 it's written entirely in C++. 220 00:07:41,340 --> 00:07:43,700 OK, and for anyone unfamiliar, C++ 221 00:07:43,700 --> 00:07:46,940 is a programming language that's famous for its speed, right? 222 00:07:46,940 --> 00:07:50,140 Its speed and its incredibly low memory footprint. 223 00:07:50,140 --> 00:07:52,780 It interacts very, very closely with the computer's hardware. 224 00:07:52,780 --> 00:07:55,940 Which translates to a massive human benefit here. 225 00:07:55,940 --> 00:07:58,300 You don't need to go out and buy a $5,000 server 226 00:07:58,300 --> 00:07:59,340 to run this middleman. 227 00:07:59,340 --> 00:08:00,020 Oh, not at all. 228 00:08:00,020 --> 00:08:03,180 You could probably run it on a dusty 10-year-old laptop 229 00:08:03,180 --> 00:08:04,580 sitting in the corner of the office, 230 00:08:04,580 --> 00:08:05,780 and it wouldn't even break a sweat. 231 00:08:05,780 --> 00:08:06,260 Yeah. 232 00:08:06,260 --> 00:08:07,140 You absolutely could. 233 00:08:07,140 --> 00:08:08,580 It's that efficient. 234 00:08:08,580 --> 00:08:12,060 But that minimalist approach also 235 00:08:12,060 --> 00:08:14,140 leads to a design philosophy that catches 236 00:08:14,140 --> 00:08:15,820 a lot of new users off guard. 237 00:08:15,820 --> 00:08:16,620 Yes. 238 00:08:16,620 --> 00:08:18,780 OK, I want to push back on this, because it honestly 239 00:08:18,780 --> 00:08:21,380 threw me for a loop when I was reading the user guide. 240 00:08:21,380 --> 00:08:22,420 The policy-free thing. 241 00:08:22,420 --> 00:08:23,340 Yes. 242 00:08:23,340 --> 00:08:26,940 The manual proudly states that email relay is entirely 243 00:08:26,940 --> 00:08:28,180 policy-free. 244 00:08:28,180 --> 00:08:30,900 And to a beginner setting up network infrastructure, 245 00:08:30,900 --> 00:08:34,060 policy-free sounds like a very polite way of saying, 246 00:08:34,060 --> 00:08:37,300 we built an empty shell that does absolutely nothing out 247 00:08:37,300 --> 00:08:38,740 of the box, good luck. 248 00:08:38,740 --> 00:08:40,700 It really does sound like that, doesn't it? 249 00:08:40,700 --> 00:08:43,220 Downloading a blank slate, actually a good thing. 250 00:08:43,220 --> 00:08:46,100 I completely understand why that sounds daunting. 251 00:08:46,100 --> 00:08:48,520 We're so used to software holding our hands these days. 252 00:08:48,520 --> 00:08:49,620 Very true. 253 00:08:49,620 --> 00:08:51,220 But think about your typical experience 254 00:08:51,220 --> 00:08:53,900 with heavy enterprise software. 255 00:08:53,900 --> 00:08:57,460 Or honestly, even just setting up a new smart TV. 256 00:08:57,460 --> 00:08:58,340 Don't get me started. 257 00:08:58,340 --> 00:08:58,820 Right. 258 00:08:58,820 --> 00:09:01,500 You spend the first three hours digging through menus, 259 00:09:01,500 --> 00:09:03,700 trying to turn off the motion smoothing, 260 00:09:03,700 --> 00:09:05,940 disabling all the pop-up notifications. 261 00:09:05,940 --> 00:09:08,060 Fighting the built-in hard-coded rules 262 00:09:08,060 --> 00:09:10,660 that the developer just assumed you wanted. 263 00:09:10,660 --> 00:09:11,340 Exactly. 264 00:09:11,340 --> 00:09:13,900 You are always fighting the default settings 265 00:09:13,900 --> 00:09:16,860 just to get the tool to do the one specific task you bought 266 00:09:16,860 --> 00:09:17,740 it for. 267 00:09:17,740 --> 00:09:20,220 That is painfully relatable. 268 00:09:20,220 --> 00:09:21,820 Well, with email relay, you don't 269 00:09:21,820 --> 00:09:25,020 have to fight the defaults, because there are no defaults. 270 00:09:25,020 --> 00:09:28,340 That policy-free design is actually its superpower. 271 00:09:28,340 --> 00:09:32,300 It handles the core mechanics, the secure receiving 272 00:09:32,300 --> 00:09:34,660 and sending of data flawlessly. 273 00:09:34,660 --> 00:09:36,580 But you dictate the logic. 274 00:09:36,580 --> 00:09:38,860 You decide how many times a failed message 275 00:09:38,860 --> 00:09:40,900 should retry before giving up. 276 00:09:40,900 --> 00:09:43,300 You decide how balanced emails are handled, 277 00:09:43,300 --> 00:09:44,900 how local deliveries are routed. 278 00:09:44,900 --> 00:09:46,060 So it adapts to you. 279 00:09:46,060 --> 00:09:46,940 Yes. 280 00:09:46,940 --> 00:09:49,220 It is designed to adapt to the unique quirks 281 00:09:49,220 --> 00:09:51,860 of your specific network, rather than forcing you 282 00:09:51,860 --> 00:09:54,220 to change your network to accommodate the software. 283 00:09:54,220 --> 00:09:56,900 OK, I see the appeal of not having to fight the developer's 284 00:09:56,900 --> 00:09:57,780 assumptions. 285 00:09:57,780 --> 00:10:00,420 But I mean, if it's truly a blank slate just sitting there 286 00:10:00,420 --> 00:10:02,060 waiting for me to tell it what to do, 287 00:10:02,060 --> 00:10:03,540 how do we actually give it instructions? 288 00:10:03,540 --> 00:10:04,940 Right, you need a way to interface with it. 289 00:10:04,940 --> 00:10:06,780 Yeah, we have to tell the software how to route 290 00:10:06,780 --> 00:10:08,180 these messages somehow. 291 00:10:08,180 --> 00:10:09,940 And that brings us to the core mechanism 292 00:10:09,940 --> 00:10:12,300 of the software, the filter system. 293 00:10:12,300 --> 00:10:13,260 The filters. 294 00:10:13,260 --> 00:10:14,940 OK, when I was reading the section 295 00:10:14,940 --> 00:10:17,500 on how these filters operate via the command line, 296 00:10:17,500 --> 00:10:21,180 I kept picturing the email relay spool directory, 297 00:10:21,180 --> 00:10:24,460 where it holds all the messages, as this massive factory 298 00:10:24,460 --> 00:10:25,300 conveyor belt. 299 00:10:25,300 --> 00:10:26,460 I love that visual. 300 00:10:26,460 --> 00:10:28,600 Yeah, the emails are the packages. 301 00:10:28,600 --> 00:10:30,300 And they are just moving steadily 302 00:10:30,300 --> 00:10:33,660 along this belt, from the incoming dock to the outgoing 303 00:10:33,660 --> 00:10:34,180 dock. 304 00:10:34,180 --> 00:10:36,660 And the filters act as the workers along that line. 305 00:10:36,660 --> 00:10:38,300 Better yet, robotic arms. 306 00:10:38,300 --> 00:10:39,740 Robotic arms. 307 00:10:39,740 --> 00:10:41,500 You can just plug these robotic arms 308 00:10:41,500 --> 00:10:43,100 into the side of the conveyor belt. 309 00:10:43,100 --> 00:10:45,940 You tell the arm to watch the packages pass by. 310 00:10:45,940 --> 00:10:48,780 And you program it to intercept specific ones. 311 00:10:48,780 --> 00:10:51,260 It can stamp a package with a new label, 312 00:10:51,260 --> 00:10:53,140 reroute it to a completely different belt, 313 00:10:53,140 --> 00:10:54,980 open it up, and edit the contents. 314 00:10:54,980 --> 00:10:57,560 Or if it recognizes a dangerous package, 315 00:10:57,560 --> 00:10:59,360 just pick it up and throw it in the incinerator. 316 00:10:59,360 --> 00:11:02,500 That captures the mechanics of the hyphen filter command 317 00:11:02,500 --> 00:11:03,020 perfectly. 318 00:11:03,020 --> 00:11:04,220 Oh, awesome. 319 00:11:04,220 --> 00:11:07,260 And the beauty of this system is its flexibility. 320 00:11:07,260 --> 00:11:10,400 If you want to build a highly complex robotic arm, 321 00:11:10,400 --> 00:11:15,060 you don't need to learn C++ or modify the core software. 322 00:11:15,060 --> 00:11:16,140 Oh, thank goodness. 323 00:11:16,140 --> 00:11:16,660 Right. 324 00:11:16,660 --> 00:11:20,100 Email Relay allows you to use simple external scripts. 325 00:11:20,100 --> 00:11:21,980 So if you're running it on a Windows machine, 326 00:11:21,980 --> 00:11:24,260 you can write a filter using standard JavaScript. 327 00:11:24,260 --> 00:11:25,660 Just normal JavaScript. 328 00:11:25,660 --> 00:11:26,180 Yep. 329 00:11:26,180 --> 00:11:29,900 Or if you're on a Linux server, a basic shell script 330 00:11:29,900 --> 00:11:30,820 works perfectly. 331 00:11:30,820 --> 00:11:32,500 Wait, what actually happens between the software 332 00:11:32,500 --> 00:11:34,100 and the script, practically speaking? 333 00:11:34,100 --> 00:11:36,940 So as the email moves down the conveyor belt, 334 00:11:36,940 --> 00:11:40,500 Email Relay pauses it and passes the file 335 00:11:40,500 --> 00:11:41,700 to your external script. 336 00:11:41,700 --> 00:11:42,200 OK. 337 00:11:42,200 --> 00:11:45,740 Your script wakes up, examines the email headers or the body, 338 00:11:45,740 --> 00:11:47,780 makes whatever changes it needs to make, 339 00:11:47,780 --> 00:11:50,940 and then passes an exit code back to Email Relay. 340 00:11:50,940 --> 00:11:51,580 Oh, I see. 341 00:11:51,580 --> 00:11:53,120 And that exit code is the instruction. 342 00:11:53,120 --> 00:11:56,740 It tells Email Relay to, for the message, drop it or bounce it 343 00:11:56,740 --> 00:11:57,300 back. 344 00:11:57,300 --> 00:11:59,460 But let's say I don't want to write my own scripts. 345 00:11:59,460 --> 00:12:00,100 I'm a beginner. 346 00:12:00,100 --> 00:12:01,580 I just want to route some mail. 347 00:12:01,580 --> 00:12:04,860 Are there pre-built robotic arms ready to go in the box? 348 00:12:04,860 --> 00:12:05,740 Absolutely. 349 00:12:05,740 --> 00:12:08,500 The manual outlines several really powerful built-in 350 00:12:08,500 --> 00:12:11,140 filters that require zero programming. 351 00:12:11,140 --> 00:12:11,660 Nice. 352 00:12:11,660 --> 00:12:14,580 There's the copy filter, which just duplicates messages, 353 00:12:14,580 --> 00:12:16,580 which is great for creating an audit trail. 354 00:12:16,580 --> 00:12:18,420 Very useful for compliance. 355 00:12:18,420 --> 00:12:19,460 Exactly. 356 00:12:19,460 --> 00:12:23,100 There's the deliver filter, which routes specific messages 357 00:12:23,100 --> 00:12:25,380 to local mailboxes on the machine. 358 00:12:25,380 --> 00:12:28,260 And I noticed the split filter, which seems incredibly 359 00:12:28,260 --> 00:12:29,540 powerful for businesses. 360 00:12:29,540 --> 00:12:31,180 Oh, the split filter is fantastic. 361 00:12:31,180 --> 00:12:33,540 If I understand it correctly, you can tell the system, hey, 362 00:12:33,540 --> 00:12:36,380 if an outgoing email is addressed to our billing 363 00:12:36,380 --> 00:12:39,060 department's domain, route it through this highly 364 00:12:39,060 --> 00:12:41,260 secure specialized server. 365 00:12:41,260 --> 00:12:44,420 But if it's just a general email to a public domain, 366 00:12:44,420 --> 00:12:46,180 send it out the normal way. 367 00:12:46,180 --> 00:12:47,140 Precisely. 368 00:12:47,140 --> 00:12:49,540 It physically divides the traffic flow based 369 00:12:49,540 --> 00:12:50,380 on the rules you set. 370 00:12:50,380 --> 00:12:51,420 That's so smart. 371 00:12:51,420 --> 00:12:52,380 It is. 372 00:12:52,380 --> 00:12:54,940 But any time we talk about a blank slate mail server 373 00:12:54,940 --> 00:12:57,100 that automatically routes traffic, 374 00:12:57,100 --> 00:12:59,300 we really have to address the elephant in the room. 375 00:12:59,300 --> 00:13:00,060 Spam. 376 00:13:00,060 --> 00:13:00,700 Spam. 377 00:13:00,700 --> 00:13:02,380 Yeah, because if you aren't careful, 378 00:13:02,380 --> 00:13:05,980 an open middleman server sounds like a spammers absolute dream. 379 00:13:05,980 --> 00:13:07,260 Oh, a botnet would love it. 380 00:13:07,260 --> 00:13:08,100 Right. 381 00:13:08,100 --> 00:13:10,340 If a botnet finds your email relay server 382 00:13:10,340 --> 00:13:13,300 and realizes it will forward literally anything you hand it, 383 00:13:13,300 --> 00:13:15,340 they could pump millions of junk emails 384 00:13:15,340 --> 00:13:16,540 through your IP address. 385 00:13:16,540 --> 00:13:18,820 Which gets your company blacklisted from the internet. 386 00:13:18,820 --> 00:13:19,660 Exactly. 387 00:13:19,660 --> 00:13:22,740 So how does a policy-free tool protect against that? 388 00:13:22,740 --> 00:13:25,340 It tackles this by integrating seamlessly 389 00:13:25,340 --> 00:13:28,140 with existing industry standard tools. 390 00:13:28,140 --> 00:13:30,180 Specifically, Spam Assassin. 391 00:13:30,180 --> 00:13:30,900 Oh, OK. 392 00:13:30,900 --> 00:13:32,420 Spam Assassin is huge. 393 00:13:32,420 --> 00:13:32,940 Yeah. 394 00:13:32,940 --> 00:13:36,620 You can plug in the built-in spam or spam edit filters. 395 00:13:36,620 --> 00:13:39,060 So as the messages come down the conveyor belt, 396 00:13:39,060 --> 00:13:42,140 Spam Assassin scans them for malicious patterns. 397 00:13:42,140 --> 00:13:43,580 And if it catches something? 398 00:13:43,580 --> 00:13:47,020 If it flags a message as junk, the filter intercepts it 399 00:13:47,020 --> 00:13:49,500 and drops it before it ever gets relayed to the cloud. 400 00:13:49,500 --> 00:13:50,140 Nice. 401 00:13:50,140 --> 00:13:53,460 And it also has a mechanism to stop bad emails before they 402 00:13:53,460 --> 00:13:55,980 even get on the conveyor belt in the first place, right? 403 00:13:55,980 --> 00:13:57,420 Using address verifiers? 404 00:13:57,420 --> 00:13:58,140 Yes. 405 00:13:58,140 --> 00:14:01,240 The address verifier is a crucial first line of defense. 406 00:14:01,240 --> 00:14:02,780 Think of it like a bouncer standing 407 00:14:02,780 --> 00:14:03,900 outside the factory doors. 408 00:14:03,900 --> 00:14:04,940 Checking the guest list. 409 00:14:04,940 --> 00:14:05,900 Exactly. 410 00:14:05,900 --> 00:14:08,860 The manual outlines the account built-in verifier. 411 00:14:08,860 --> 00:14:10,060 How does that one work? 412 00:14:10,060 --> 00:14:12,500 Well, if a botnet tries to send an email 413 00:14:12,500 --> 00:14:15,800 to a fake or randomized address on your system, 414 00:14:15,800 --> 00:14:17,540 just trying to guess employee names. 415 00:14:17,540 --> 00:14:18,900 Which they do constantly. 416 00:14:18,900 --> 00:14:19,780 Constantly. 417 00:14:19,780 --> 00:14:21,620 The verifier checks that incoming address 418 00:14:21,620 --> 00:14:23,540 against the actual system account. 419 00:14:23,540 --> 00:14:26,060 And if the user doesn't exist, the bouncer 420 00:14:26,060 --> 00:14:28,300 rejects the connection right at the door. 421 00:14:28,300 --> 00:14:30,340 The email is never accepted, it never 422 00:14:30,340 --> 00:14:32,420 enters the school directory, and it never 423 00:14:32,420 --> 00:14:34,620 wastes your server's processing power. 424 00:14:34,620 --> 00:14:36,620 OK, so we've covered how it routes the mail, 425 00:14:36,620 --> 00:14:39,100 how it filters the mail, and how it keeps the spam out. 426 00:14:39,100 --> 00:14:39,660 Yep. 427 00:14:39,660 --> 00:14:42,200 But let's bring this back to the bigger picture for a second. 428 00:14:42,200 --> 00:14:45,300 If an organization is pulling away from proprietary vendors 429 00:14:45,300 --> 00:14:48,500 to take sovereignty over their own data, 430 00:14:48,500 --> 00:14:52,020 they need to know the underlying infrastructure is rock solid. 431 00:14:52,020 --> 00:14:52,740 Absolutely. 432 00:14:52,740 --> 00:14:53,860 Security is everything. 433 00:14:53,860 --> 00:14:54,700 Right. 434 00:14:54,700 --> 00:14:57,700 If a business owner is relying on email relay 435 00:14:57,700 --> 00:15:00,620 to handle sensitive automated reports or financial audit 436 00:15:00,620 --> 00:15:05,060 trails, how secure is this data while it's actually moving? 437 00:15:05,060 --> 00:15:07,980 Well, the documentation is very rigorous regarding security 438 00:15:07,980 --> 00:15:09,220 protocols. 439 00:15:09,220 --> 00:15:12,780 To ensure data isn't moving across the network in plain text, 440 00:15:12,780 --> 00:15:16,100 email relay fully supports negotiated TLS encryption 441 00:15:16,100 --> 00:15:18,320 for both incoming and outgoing connections. 442 00:15:18,320 --> 00:15:20,860 OK, let's break TLS down for a second for our beginners. 443 00:15:20,860 --> 00:15:22,340 Transport layer security. 444 00:15:22,340 --> 00:15:23,940 Think of it as an armored truck. 445 00:15:23,940 --> 00:15:24,900 An armored truck. 446 00:15:24,900 --> 00:15:25,540 Yeah. 447 00:15:25,540 --> 00:15:27,140 Even if someone intercepts the truck 448 00:15:27,140 --> 00:15:28,740 while it's driving down the highway, 449 00:15:28,740 --> 00:15:31,100 they can't see or access what's inside. 450 00:15:31,100 --> 00:15:33,240 The data is locked in the cryptographic vault 451 00:15:33,240 --> 00:15:34,140 while in transit. 452 00:15:34,140 --> 00:15:35,200 That's a great visual. 453 00:15:35,200 --> 00:15:37,220 And what about controlling who actually gets 454 00:15:37,220 --> 00:15:39,420 to access the server itself? 455 00:15:39,420 --> 00:15:42,860 So if you're running email relay on a Linux machine, 456 00:15:42,860 --> 00:15:45,460 it integrates with PAM authentication. 457 00:15:45,460 --> 00:15:46,340 PAM. 458 00:15:46,340 --> 00:15:49,940 PAM stands for Plugable Authentication Modules. 459 00:15:49,940 --> 00:15:51,780 Essentially, instead of email relay 460 00:15:51,780 --> 00:15:54,100 trying to manage its own list of passwords, 461 00:15:54,100 --> 00:15:56,860 it hands that job off to the core operating system. 462 00:15:56,860 --> 00:15:59,420 Oh, so the Linux VIP list decides who gets in. 463 00:15:59,420 --> 00:16:00,060 Exactly. 464 00:16:00,060 --> 00:16:02,000 I also noticed a fascinating feature 465 00:16:02,000 --> 00:16:04,220 in the manual regarding extreme privacy. 466 00:16:04,220 --> 00:16:06,300 It mentioned connection tunneling. 467 00:16:06,300 --> 00:16:07,180 Yes. 468 00:16:07,180 --> 00:16:09,700 This is a standout feature for organizations 469 00:16:09,700 --> 00:16:12,300 with high security or anonymity requirements. 470 00:16:12,300 --> 00:16:13,020 Like who? 471 00:16:13,020 --> 00:16:15,540 Maybe a journalistic outfit protecting sources, 472 00:16:15,540 --> 00:16:17,980 or like a corporate whistleblower system. 473 00:16:17,980 --> 00:16:20,700 Email relay can be configured to route your mail traffic 474 00:16:20,700 --> 00:16:23,140 through a SOKS proxy, or even directly 475 00:16:23,140 --> 00:16:24,140 through the Tor network. 476 00:16:24,140 --> 00:16:24,660 Wait. 477 00:16:24,660 --> 00:16:25,780 Tor? 478 00:16:25,780 --> 00:16:26,280 Really? 479 00:16:26,280 --> 00:16:26,780 Yeah. 480 00:16:26,780 --> 00:16:29,100 It completely cloaks the origin of the traffic, 481 00:16:29,100 --> 00:16:31,620 adding a massive layer of operational security. 482 00:16:31,620 --> 00:16:34,380 That is wild for such a small program. 483 00:16:34,380 --> 00:16:36,780 And just to add one more layer of utility, 484 00:16:36,780 --> 00:16:38,780 it doesn't just push mail out. 485 00:16:38,780 --> 00:16:41,180 It can actually function as a PMC server. 486 00:16:41,180 --> 00:16:43,780 Which means it acts like a secure post office box. 487 00:16:43,780 --> 00:16:44,700 Right. 488 00:16:44,700 --> 00:16:46,660 End users can open up their standard email 489 00:16:46,660 --> 00:16:50,580 client on their laptop, securely connect the email relay, 490 00:16:50,580 --> 00:16:53,100 and retrieve their spooled messages directly. 491 00:16:53,100 --> 00:16:56,700 OK, the manual clearly proves it has the technical chops. 492 00:16:56,700 --> 00:16:59,140 But, you know, manuals are written by the developer. 493 00:16:59,140 --> 00:16:59,780 Of course. 494 00:16:59,780 --> 00:17:01,660 They always sound great on paper. 495 00:17:01,660 --> 00:17:03,980 What happens when this hits the real world? 496 00:17:03,980 --> 00:17:07,780 Can you actually trust a lightweight, free piece 497 00:17:07,780 --> 00:17:10,700 of software to run your business infrastructure? 498 00:17:10,700 --> 00:17:12,860 This is where we have to look at those SourceForge reviews. 499 00:17:12,860 --> 00:17:14,140 Right, the real users. 500 00:17:14,140 --> 00:17:17,060 And the validation there is incredibly compelling. 501 00:17:17,060 --> 00:17:19,780 Out of all the users rating it, email relay 502 00:17:19,780 --> 00:17:22,660 holds a 4.9 out of 5 star rating. 503 00:17:22,660 --> 00:17:23,620 That's great. 504 00:17:23,620 --> 00:17:26,220 That is almost unheard of for network infrastructure 505 00:17:26,220 --> 00:17:26,700 software. 506 00:17:26,700 --> 00:17:27,200 I know. 507 00:17:27,200 --> 00:17:30,020 Usually this stuff just makes IT professionals miserable. 508 00:17:30,020 --> 00:17:31,980 The reviews were genuinely surprising to read. 509 00:17:31,980 --> 00:17:35,020 People aren't just using this for a weekend hobby 510 00:17:35,020 --> 00:17:36,220 project in their basement. 511 00:17:36,220 --> 00:17:37,300 It's not at all. 512 00:17:37,300 --> 00:17:39,820 There's one review from a user named Sean2k 513 00:17:39,820 --> 00:17:41,420 that really highlights the stability. 514 00:17:41,420 --> 00:17:44,340 He calls the software absolutely bulletproof. 515 00:17:44,340 --> 00:17:45,220 Bulletproof. 516 00:17:45,220 --> 00:17:45,900 Yeah. 517 00:17:45,900 --> 00:17:48,340 He explains that his organization has relied on it 518 00:17:48,340 --> 00:17:51,820 to relay mail from various devices across their network. 519 00:17:51,820 --> 00:17:54,140 And email relay has run continuously 520 00:17:54,140 --> 00:17:57,980 for over six years without a single crash or incident. 521 00:17:57,980 --> 00:18:00,500 Six years without a crash. 522 00:18:00,500 --> 00:18:03,900 I guarantee every person listening to this deep dive 523 00:18:03,900 --> 00:18:05,900 right now can think of an enterprise tool 524 00:18:05,900 --> 00:18:08,540 their company pays thousands of dollars a month for 525 00:18:08,540 --> 00:18:11,820 that can't boast six months of uptime, let alone six years. 526 00:18:11,820 --> 00:18:13,020 Oh, 100%. 527 00:18:13,020 --> 00:18:15,460 And it's not just stable under light loads, either. 528 00:18:15,460 --> 00:18:18,300 Another user, Unusual Ildoram, reported 529 00:18:18,300 --> 00:18:20,780 that they use email relay in a Windows environment, 530 00:18:20,780 --> 00:18:23,820 and it successfully pushes over 300,000 emails a day. 531 00:18:23,820 --> 00:18:25,580 300,000 emails a day. 532 00:18:25,580 --> 00:18:26,300 A day. 533 00:18:26,300 --> 00:18:27,860 That is not just a few scanner alerts. 534 00:18:27,860 --> 00:18:30,720 That is a massive volume of automated receipts, 535 00:18:30,720 --> 00:18:32,660 notifications, or system logs. 536 00:18:32,660 --> 00:18:35,260 It really proves the fundamental philosophy of the software. 537 00:18:35,260 --> 00:18:38,580 By keeping the core program incredibly lightweight, 538 00:18:38,580 --> 00:18:41,100 relying on the speed of C++ Sare, 539 00:18:41,100 --> 00:18:43,460 and using that non-blocking architecture we talked about. 540 00:18:43,460 --> 00:18:45,020 The grandmaster playing chess. 541 00:18:45,020 --> 00:18:46,020 Exactly. 542 00:18:46,020 --> 00:18:48,260 A tool built by a single developer 543 00:18:48,260 --> 00:18:52,020 can absolutely rival massive enterprise systems 544 00:18:52,020 --> 00:18:54,660 in both stability and sheer volume. 545 00:18:54,660 --> 00:18:56,780 It just does exactly what it's designed to do, 546 00:18:56,780 --> 00:18:57,500 without the bloat. 547 00:18:57,500 --> 00:18:59,060 Which, you know, brings us full circle 548 00:18:59,060 --> 00:19:02,300 to exactly why we started this deep dive with Safe Server. 549 00:19:02,300 --> 00:19:02,820 Right. 550 00:19:02,820 --> 00:19:05,780 When you realize that an open source tool like Email Relay 551 00:19:05,780 --> 00:19:10,860 can flawlessly process 300,000 emails a day 552 00:19:10,860 --> 00:19:13,740 and just sit quietly on a local server for six years 553 00:19:13,740 --> 00:19:15,500 without a single crash, 554 00:19:15,500 --> 00:19:18,020 the business case becomes glaringly obvious. 555 00:19:18,020 --> 00:19:18,980 Why pay for the bloat? 556 00:19:18,980 --> 00:19:19,780 Exactly. 557 00:19:19,780 --> 00:19:23,300 Why are organizations paying exorbitant monthly fees 558 00:19:23,300 --> 00:19:25,740 to proprietary vendors like Microsoft or Google 559 00:19:25,740 --> 00:19:27,060 for basic routing setups? 560 00:19:27,060 --> 00:19:29,580 The cost savings of switching to an open source solution 561 00:19:29,580 --> 00:19:30,780 are just immense. 562 00:19:30,780 --> 00:19:33,220 And beyond the budget, it's about data control. 563 00:19:33,220 --> 00:19:35,500 Your infrastructure stays inside your walls. 564 00:19:35,500 --> 00:19:37,060 Your data remains yours. 565 00:19:37,060 --> 00:19:40,500 It's about removing dependencies on external platforms 566 00:19:40,500 --> 00:19:43,300 that can change their policies on a whim 567 00:19:43,300 --> 00:19:45,540 and break your legacy hardware. 568 00:19:45,540 --> 00:19:47,100 Break your $1,000 scanner. 569 00:19:47,100 --> 00:19:47,540 Yeah. 570 00:19:47,540 --> 00:19:50,340 And remember, you don't have to figure all this out alone. 571 00:19:50,340 --> 00:19:52,900 Safe Server can be commissioned for consulting 572 00:19:52,900 --> 00:19:55,020 to help you make this exact transition. 573 00:19:55,020 --> 00:19:56,140 They are great at this. 574 00:19:56,140 --> 00:19:59,420 Whether the absolute perfect fit for your specific network 575 00:19:59,420 --> 00:20:03,100 is email relay or a comparable open source alternative, 576 00:20:03,100 --> 00:20:05,900 they will guide you from planning to operation. 577 00:20:05,900 --> 00:20:08,700 You can learn how to take control of your infrastructure 578 00:20:08,700 --> 00:20:11,940 at www.safeserver.de. 579 00:20:11,940 --> 00:20:13,100 Definitely go check them out. 580 00:20:13,100 --> 00:20:14,540 Well, we've covered a lot of ground today, 581 00:20:14,540 --> 00:20:16,900 from the frustration of broken legacy scanners 582 00:20:16,900 --> 00:20:19,700 to the elegance of a non-blocking architecture. 583 00:20:19,700 --> 00:20:20,580 It's been a fun one. 584 00:20:20,580 --> 00:20:23,540 It is a fascinating look at the hidden mechanics 585 00:20:23,540 --> 00:20:27,180 of how our data actually moves from point A to point B. 586 00:20:27,180 --> 00:20:28,500 But before we sign off, 587 00:20:28,500 --> 00:20:30,920 I wanna leave you with a final thought to ponder 588 00:20:30,920 --> 00:20:33,300 as you log into your work computer tomorrow. 589 00:20:33,300 --> 00:20:34,180 Ooh, all right. 590 00:20:34,180 --> 00:20:36,820 If a free, lightweight, policy-free tool 591 00:20:36,820 --> 00:20:38,900 built by a single developer can flawlessly 592 00:20:38,900 --> 00:20:41,460 route 300,000 emails a day for a business 593 00:20:41,460 --> 00:20:43,540 without crashing for six years, 594 00:20:43,540 --> 00:20:46,420 what other bloated, expensive, proprietary software 595 00:20:46,420 --> 00:20:49,260 in your current tech stack is completely unnecessary?