From owner-freebsd-questions@freebsd.org Tue Aug 9 10:24:27 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 93E40BB1735 for ; Tue, 9 Aug 2016 10:24:27 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1FED21AA3 for ; Tue, 9 Aug 2016 10:24:27 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-wm0-x233.google.com with SMTP id o80so24604896wme.1 for ; Tue, 09 Aug 2016 03:24:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=jJtrv+DPQTvSxAmv8U2/HGzs8yreqqJ6R27HO82VJMw=; b=UFblnePoCNa43wBBhKd1PNnqJG+oJclAzjFCxdjYFCGjyyRMeBQlBZ6gYj70YERAGL eW1zmZrRuz0lVutdiokq/44iYq507If1eOJX7H0aHTDohMrsfNawQ4bd/XX+PjP5jWI9 tTqgB9VD4eykX+RAgYMdsTOzbpM1rjh+ICzROgbxCNwx2z+MtHat6O+uEZ+bs+zM9Q64 DcOtT7J5IxhZvDCjC5bduAIBO3P50RbwmGeCcoUO7zyBNu13xOxJV4eN58lopkwv6ivB Vk2U9wn32HCcPagTmGpipHsAYgf3+0Wun3bxK0PISImQ9o//0K5KfIdc+gSZIBi+7OGx bK0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=jJtrv+DPQTvSxAmv8U2/HGzs8yreqqJ6R27HO82VJMw=; b=UbGcjovOdJ5RAVSideulEbiv1Wzae3T2HL9Sp5bG161HGVlnveDnwpQJ4zLopBLGiZ Zo6jieqzJZBRW3AgwkzvQxv4VsFk/Hj1mIGQEL8L9fz5n/bOwE+iKCaoIgANR7tVygCc a3OeFqNU6PPNbazG234rKdUq0j6pYzlKHlJ1xI6clUo3YUml1OBJioKeOHYyneeSqF7J gAqqmVZo+Cbx3SK/eY2XuOGgwnQmQ03s5XrxUN1Yll8/tg4kfmlt3/8vUIC+sHp2WuNq EUuuU8BhWiAqka/aCe0Bsb2VlQaWwDQBsOCZY+NXBwBYVs+BA+uF2IHuq1fm/a6SB6GB MIJg== X-Gm-Message-State: AEkoouvfm091fC4zH3VyARJbAnAmFO+KqoNT3Z3qLGkffSrGXqs7SWe2AVqI3BS2lmN0nVkrq0Kzth4LJwU+3w== X-Received: by 10.194.157.33 with SMTP id wj1mr34480395wjb.49.1470738265508; Tue, 09 Aug 2016 03:24:25 -0700 (PDT) MIME-Version: 1.0 Received: by 10.194.54.202 with HTTP; Tue, 9 Aug 2016 03:24:24 -0700 (PDT) In-Reply-To: <20160807165256.78074e54154e43d3a696b22d@sohara.org> References: <20160807165256.78074e54154e43d3a696b22d@sohara.org> From: krad Date: Tue, 9 Aug 2016 11:24:24 +0100 Message-ID: Subject: Re: Need advice for setting up mail server To: "Steve O'Hara-Smith" Cc: FreeBSD Questions Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Aug 2016 10:24:27 -0000 I would second exim, i have used it in big ISP installations so know it scales fairly well. Its config is also very human readable, and powerful. If your users are happy at the cli consider hooking procmail into the loop as well as that can do all sorts of funky things for sorting their mail. On the mailbox front make sure you use the maildir format, as its the simplest to manipulate/fix at the CLI and most reliable. On the dns side dnsmasq is good for small scale, and if it acts a dhcp it will also handle all you internal dynamic dns without to much hassle. I generally use it in conjunction with local_unbound as a forwarder, so I get some level of dns-sec support, even if its not end to end. It will also handle the ipv6 side of things as well if you have that available. If your isp doesnt provide ipv6 have a look at tunnelbroker.net. It's easy to setup (full instructions) On 7 August 2016 at 16:52, Steve O'Hara-Smith wrote: > On Sun, 7 Aug 2016 15:24:48 +0000 > Manish Jain wrote: > > > fo > > r me, the thing has to be easy to set up and maintain, rather than worry > > too much about eavesdropping/MITM. Thanks for any advice. Manish Jain > > I found it simplest to set up two MTAs (in jails) one for outgoing > mail (allows relay from inside the LAN only, uses my ISPs SMTP server as a > smarthost) running exim (I found it easy to configure) and one for incoming > mail (sendmail delivering via procmail and spamassassin to dovecot for > IMAP). > > Separating the two directions made it very easy to think about the > security of the configuration. > > For DNS there are many alternatives, but for simplicity there's > little to beat dnsmasq (perhaps not the most performant but good enough > for a smallish network). I had unbound and nsd running for my DNS for a > while, it was a *nightmare* that I never got working smoothly. > > -- > Steve O'Hara-Smith > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" >