What are some of the inherent risk of hosting your own website and e-mail system from home as oppossed to another company hosting it?

Looking at it from the firewall perspective no matter what you will still have to allow traffic between ports 80,443,25 and others so what is the difference?

You have additional services running on your machine that are accesible from outside systems which could be liable to security issues, someone could try using your server as mail relay for spam, DDoS attacks against your webserver would stop your net connection, etc. :-)

There's lots of extra problems unless you secure your system. Your firewall idea doesn't quite hold true though - you would close port 80 on your firewall at home as nothing's running on it - you don't need it open to browse the net. Same with 25 + 443. Opening them opens a way into your system.

I guess what I meant to say was that at home you of course would filter those ports but I do see what you are saying that with additional services there would be more of a security risk.

Okay, lets assume you have your machine with Apache, Postfix, et al running. A security vulnerability is announced detailing a buffer overflow within Apache. You've got Apache installed so you need to patch it, otherwise there's a security weakness in your system. Take Apache out which would be the case on a fairly standard Linux system, the security issue isn't there :-)

Always goes that the more you have installed, the more security holes you open up, especially when those services are networked ones and accesible over the net. Folks will watch for security problems and try to exploit them, so you'd need to ensure you kept bang up to date with your patching.

Hope that's a bit clearer! So long as you keep on top of things, read well in advance to lock things down, you shouldn't have too many problems, will give you full control over the whole thing, and be a great learning experience!

If your email is hosted by a company there is a very big chance they have fallback servers. If the primary mailserver is unreachable the mail will be temporary delivered to one of the fallback servers until the primary is up again.

If you have your emailserver at home and your connection is down or you have troubles with the server all mail sent will be lost.

Your security depends on what it is that you plan to host. Server daemons can have flaws, server-side scripts can have flaws, etc. Set up a good IDS, iptables, harden your selected distro/web pages/scripts, and let it go. And you don't have to use those ports, but that's a moot point. If you will run SSH, which you probably will, I would suggest changing the default port from 22 to avoid the massive amounts of traffic from port scanning kiddies.

Overall, the main problem that individuals face when hosting web services is bandwidth, maintenance, etc. Security is a concern, but most of us don't have a fat pipe into our closets or whatever to run a server of that nature.

killer points many thanks

Unless the whole server goes down, it shouldn't be a problem even for home users. You can also usually restore data from a drive if the system fails, or simply take a backup to CD-R every few days (although usually mail wouldn't stay on the server, rather with the mail client on the desktop).

A lack of Internet connection would cause the server to simply queue all outbound messages. Once the connection is back, they're all sent. Inbound messages will be returned to sending mail server where it will usually be re-queued and re-sent over a period of time depending on their set up until either sucessfully delivered once conection restored, or returned to sender (usually after 4 days or so).

I've setup mail servers for people at home where the connection has dropped for a couple of days and all mail gets routed through correctly once the connection returns :-)

Thanks for the insight!