Date: Sun, 7 Aug 2016 09:25:06 -0700
From: Doug Hardie <doug@mail.sermon-archive.info>
To: Steve O'Hara-Smith <steve@sohara.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Need advice for setting up mail server
Message-ID: <E98F78D7-CA67-4443-B9D4-8642216BC4B3@mail.sermon-archive.info>
In-Reply-To: <20160807165256.78074e54154e43d3a696b22d@sohara.org>
References: <VI1PR02MB0974A0FB1361638BDD437043F61A0@VI1PR02MB0974.eurprd02.prod.outlook.com> <20160807165256.78074e54154e43d3a696b22d@sohara.org>

> On 7 August 2016, at 08:52, Steve O'Hara-Smith <steve@sohara.org> wrote:
>
> On Sun, 7 Aug 2016 15:24:48 +0000
> Manish Jain <bourne.identity@hotmail.com> wrote:
>
>> for me, the thing has to be easy to set up and maintain, rather than worry
>> too much about eavesdropping/MITM. Thanks for any advice. Manish Jain
>
> I found it simplest to set up two MTAs (in jails) one for outgoing
> mail (allows relay from inside the LAN only, uses my ISPs SMTP server as a
> smarthost) running exim (I found it easy to configure) and one for incoming
> mail (sendmail delivering via procmail and spamassassin to dovecot for
> IMAP).
>
> Separating the two directions made it very easy to think about the
> security of the configuration.

I recently switched a small business mail server from sendmail to postfix with dovecot. It wasn't real simple, but it went together quite easily. The wiki pages for both are extremely good. I used one instantiation of postfix as it handles security quite well. You designate which networks are trusted (local) and everything else is not. You can set it up using dovecot's authentication so that remote users can be trusted also. There apparently is also a tool to enable the user to maintain their sieve configuration via a browser although I have not tried that yet.

I found it best to use dovecot's MDA from postfix so that pigeon sieve could be used during delivery. That gives you features like vacation and automatic delivery to inboxes other than INBOX. I did the initial setup one step at a time. Get it working then add the next feature.

You do need to figure out which type of authentication you want at the beginning. I used password file authentication as the number of users and turnover was not enough to warrant any of the more flexible approaches. Both postfix and dovecot are dependent on the authentication. Using dovecot's authentication for postfix made the setup a lot easier as you only have to get authentication working once.

For machines other than the mail server, I used postfix setup to forward all mail to a smart host. That way the log files are all in the same format.

You will want to decide how to store the log file on the MTA. I went with syslog into the same file for both postfix and dovecot. That makes it a bit easier to trace what happened to a particular message. I did have to add additional fields into the logging format for both though. That was probably the most difficult configuration item. It took awhile to figure out which log format is used for which situations.
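
The message tracing that a shared syslog file makes possible, as an added example that is not part of the original message: it joins Postfix lines (by queue ID) and Dovecot delivery lines (by msgid) for one Message-ID and reports whether the sender authenticated. The log lines are constructed in stock Postfix and Dovecot formats, not the poster's customised format, and `trace` and `sasl_user` are hypothetical names.

```python
import re

# Constructed sample of one syslog file shared by Postfix and Dovecot.
SAMPLE_LOG = """\
Aug  7 09:25:01 mx postfix/smtpd[811]: 3A1F2C04D7: client=host.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Aug  7 09:25:01 mx postfix/cleanup[815]: 3A1F2C04D7: message-id=<m1@example.net>
Aug  7 09:25:01 mx postfix/qmgr[702]: 3A1F2C04D7: from=<alice@example.net>, size=1204, nrcpt=1 (queue active)
Aug  7 09:25:02 mx dovecot: lda(bob): msgid=<m1@example.net>: saved mail to Archive
Aug  7 09:25:02 mx postfix/pipe[820]: 3A1F2C04D7: to=<bob@example.org>, relay=dovecot, delay=0.4, status=sent (delivered via dovecot service)
Aug  7 09:25:02 mx postfix/qmgr[702]: 3A1F2C04D7: removed
Aug  7 09:26:10 mx postfix/smtpd[830]: 5B77D1E9A2: client=unknown[198.51.100.7]
Aug  7 09:26:10 mx postfix/cleanup[831]: 5B77D1E9A2: message-id=<m2@example.com>
Aug  7 09:26:11 mx dovecot: lda(carol): sieve: msgid=<m2@example.com>: stored mail into mailbox 'Lists'
"""

# Assumes short (hex) Postfix queue IDs, the default.
POSTFIX = re.compile(r"postfix/[\w-]+\[\d+\]: ([0-9A-F]{6,}): (.*)")
PF_MSGID = re.compile(r"message-id=(<[^>]*>)")
DC_MSGID = re.compile(r"dovecot: .*?msgid=(<[^>]*>)")
SASL_USER = re.compile(r"sasl_username=(\S+)")


def trace(log_text, message_id):
    """Return, in file order, every line that belongs to message_id."""
    lines = log_text.splitlines()
    # Pass 1: the cleanup line binds a queue ID to the Message-ID.
    queue_ids = set()
    for line in lines:
        pf = POSTFIX.search(line)
        if pf:
            mid = PF_MSGID.match(pf.group(2))
            if mid and mid.group(1) == message_id:
                queue_ids.add(pf.group(1))
    # Pass 2: Postfix lines match on queue ID, Dovecot lines on msgid.
    hits = []
    for line in lines:
        pf = POSTFIX.search(line)
        dc = DC_MSGID.search(line)
        if (pf and pf.group(1) in queue_ids) or (dc and dc.group(1) == message_id):
            hits.append(line)
    return hits


def sasl_user(hits):
    """Authenticated submitter, or None if the client did not authenticate."""
    for line in hits:
        m = SASL_USER.search(line)
        if m:
            return m.group(1)
    return None
```

A message with no `sasl_username` was either accepted from a trusted network or arrived as ordinary inbound mail; the client address on the smtpd line shows which.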