Date: Sun, 7 Aug 2016 16:52:56 +0100
From: Steve O'Hara-Smith
To: freebsd-questions@freebsd.org
Subject: Re: Need advice for setting up mail server
Message-Id: <20160807165256.78074e54154e43d3a696b22d@sohara.org>

On Sun, 7 Aug 2016 15:24:48 +0000
Manish Jain wrote:

> for me, the thing has to be easy to set up and maintain, rather than worry
> too much about eavesdropping/MITM. Thanks for any advice.
> Manish Jain

I found it simplest to set up two MTAs (in jails), one for outgoing mail
(allows relay from inside the LAN only, uses my ISP's SMTP server as a
smarthost) running exim (I found it easy to configure) and one for incoming
mail (sendmail delivering via procmail and spamassassin to dovecot for IMAP).
Separating the two directions made it very easy to think about the security
of the configuration.

For DNS there are many alternatives, but for simplicity there's little to
beat dnsmasq (perhaps not the most performant but good enough for a smallish
network). I had unbound and nsd running for my DNS for a while; it was a
*nightmare* that I never got working smoothly.

-- 
Steve O'Hara-Smith
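
A sketch of the outgoing-only exim instance described in the message above, added here as an example and not taken from the poster's configuration: relay is accepted only from LAN addresses and everything is handed to a single smarthost. The LAN range 192.168.1.0/24 and the host name smtp.isp.example are constructed placeholders.

```conf
# Outgoing-only exim configuration fragment (added example, not the poster's own file).
# Assumptions: LAN is 192.168.1.0/24, ISP smarthost is smtp.isp.example.

# This instance delivers nothing locally, so no domain is treated as local.
domainlist local_domains =

# Only these clients may submit mail for relay. "<;" switches the list
# separator to ";" so the IPv6 loopback address can appear in the list.
hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 192.168.1.0/24

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # LAN clients may send to any recipient.
  accept  hosts   = +relay_from_hosts

  # Everything else is refused at RCPT time, so the host is never an open relay.
  deny    message = relay not permitted

begin routers

# Hand every message to the ISP's server rather than doing direct MX delivery.
smarthost:
  driver     = manualroute
  transport  = remote_smtp
  route_list = * smtp.isp.example
  no_more

begin transports

remote_smtp:
  driver = smtp
```

Running `exim -bh 203.0.113.5` against this configuration simulates an SMTP session from an outside address without delivering anything, and should show the RCPT command rejected with "relay not permitted".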