From: Doug Hardie
To: Steve O'Hara-Smith
Cc: freebsd-questions@freebsd.org
Date: Sun, 7 Aug 2016 09:25:06 -0700
Subject: Re: Need advice for setting up mail server

> On 7 August 2016, at 08:52, Steve O'Hara-Smith wrote:
>
> On Sun, 7 Aug 2016 15:24:48 +0000
> Manish Jain wrote:
>
>> for me, the thing has to be easy to set up and maintain, rather than worry
>> too much about eavesdropping/MITM. Thanks for any advice.
>> Manish Jain
>
> I found it simplest to set up two MTAs (in jails) one for outgoing
> mail (allows relay from inside the LAN only, uses my ISP's SMTP server as a
> smarthost) running exim (I found it easy to configure) and one for incoming
> mail (sendmail delivering via procmail and spamassassin to dovecot for
> IMAP).
>
> Separating the two directions made it very easy to think about the
> security of the configuration.

I recently switched a small business mail server from sendmail to postfix with dovecot. It wasn't real simple, but it went together quite easily. The wiki pages for both are extremely good. I used one instantiation of postfix as it handles security quite well. You designate which networks are trusted (local) and everything else is not. You can set it up using dovecot's authentication so that remote users can be trusted also. There apparently is also a tool to enable the user to maintain their sieve configuration via a browser although I have not tried that yet.

I found it best to use dovecot's MDA from postfix so that pigeon sieve could be used during delivery. That gives you features like vacation and automatic delivery to inboxes other than INBOX. I did the initial setup one step at a time. Get it working then add the next feature.

You do need to figure out which type of authentication you want at the beginning. I used password file authentication as the number of users and turnover was not enough to warrant any of the more flexible approaches. Both postfix and dovecot are dependent on the authentication. Using dovecot's authentication for postfix made the setup a lot easier as you only have to get authentication working once.

For machines other than the mail server, I used postfix setup to forward all mail to a smart host. That way the log files are all in the same format. You will want to decide how to store the log file on the MTA.
I went with syslog into the same file for both postfix and dovecot. That makes it a bit easier to trace what happened to a particular message. I did have to add additional fields into the logging format for both though. That was probably the most difficult configuration item. It took a while to figure out which log format is used for which situations.
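
The message tracing mentioned in the last paragraph, as an added example that is not part of the original message: it follows one Message-ID through a syslog file shared by postfix and dovecot. The function name `trace`, the sample log and its addresses are constructed; the patterns assume Postfix's stock log lines with short queue IDs and Dovecot's default `deliver_log_format`, so a customised format like the one the message describes needs the patterns adjusted.

```python
import re

# Constructed sample of a shared syslog file (not taken from the original post).
# Assumption: stock Postfix log lines with short (hex) queue IDs and Dovecot's
# default deliver_log_format ("msgid=%m: %$").
SAMPLE_LOG = """\
Aug  7 09:25:06 mx postfix/smtpd[811]: 4F1A2C0DE1: client=gw.example.net[192.0.2.10]
Aug  7 09:25:06 mx postfix/cleanup[812]: 4F1A2C0DE1: message-id=<abc123@example.net>
Aug  7 09:25:06 mx postfix/qmgr[640]: 4F1A2C0DE1: from=<alice@example.net>, size=2048, nrcpt=1 (queue active)
Aug  7 09:25:07 mx dovecot: lda(bob): msgid=<abc123@example.net>: saved mail to Lists
Aug  7 09:25:07 mx postfix/pipe[813]: 4F1A2C0DE1: to=<bob@example.org>, relay=dovecot, delay=0.4, status=sent (delivered via dovecot service)
Aug  7 09:25:07 mx postfix/qmgr[640]: 4F1A2C0DE1: removed
Aug  7 09:26:10 mx postfix/cleanup[812]: 7B33D90AA2: message-id=<zzz999@example.com>
Aug  7 09:26:11 mx dovecot: lda(carol): msgid=<zzz999@example.com>: saved mail to INBOX
"""

# Postfix: daemon name, queue ID, rest of the line.
POSTFIX = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
# Dovecot delivery (LDA or LMTP): user, Message-ID, outcome.
DOVECOT = re.compile(r"dovecot: (?:lda|lmtp)\(([^)]*)\).*?msgid=(<[^>]*>): (.*)$")


def trace(log_text, message_id):
    """Return every Postfix and Dovecot event for one Message-ID, in log order."""
    lines = log_text.splitlines()
    # Pass 1: Postfix keys its lines on the queue ID, so first find the queue
    # IDs that cleanup associated with this Message-ID.
    queue_ids = set()
    for line in lines:
        m = POSTFIX.search(line)
        if m and m.group(1) == "cleanup" and m.group(3) == f"message-id={message_id}":
            queue_ids.add(m.group(2))
    # Pass 2: collect Postfix lines by queue ID and Dovecot lines by Message-ID.
    events = []
    for line in lines:
        m = POSTFIX.search(line)
        if m and m.group(2) in queue_ids:
            events.append((f"postfix/{m.group(1)}", m.group(3)))
            continue
        d = DOVECOT.search(line)
        if d and d.group(2) == message_id:
            events.append((f"dovecot({d.group(1)})", d.group(3)))
    return events


if __name__ == "__main__":
    for source, detail in trace(SAMPLE_LOG, "<abc123@example.net>"):
        print(f"{source:16} {detail}")
```

The Dovecot line is the only place the final mailbox appears (here a sieve-filed folder), which is what a single combined log makes easy to line up against the Postfix delivery status.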