:: Re: [DNG] ..devuan to the rescue? E…
トップ ページ
このメッセージを削除
このメッセージに返信
著者: Marjorie Roome
日付:  
To: dng
題目: Re: [DNG] ..devuan to the rescue? Easiest possible newbie email server setup, ideas?
Hi Arnt,

On Sat, 2020-09-19 at 23:55 +0200, Arnt Karlsen wrote:
> ..devuan to the rescue? Norwegian ISP "Get" is ditching their email
> service and pointing their clients to a paid service, which again is
> pointing them to Gmail's ad laden services, drawing due scorn. [1]
>
>
> ..since we can do better, I'm thinking "Devuan Email Server Flavor"
> sort of distro to put on an old pc or a Raspberry Pi, with all email
> on local storage like I've done since the mid 1990ies. Which is
> part of my problem: While Claws Mail is neat and easy, Fetchmail
> and Procmail are _far_ from newbie friendly.
>
> ..expect the Get clientele to be total newbies, who may be capable
> of entering their own email account data into a web browser
> interface from their Wintendo, so our new email server flavor needs
> to be kept as stupid simple as possible to setup and use.
>
> ..limit it to a pop3 and imap client and an imap server with local
> storage? The big thing is control over your own email, on your own
> hardware, in your own home.
>

Back in April I created a local email server based on Devuan Beowulf
for my family. Previously we had one running on Linode under Ubuntu
14.4 (now eol) with postfix and courier-imap that had been set-up by my
(adult) son many years earlier and largely just left to run. Early this
year a spammer discovered an authentication 'hole' and we ended up
relaying spam. Initially I fixed that, and added spam filtering with
Spamassassin along with SPF, DKIM (Opendkim) and DMARC to recover our
rep.

As the Ubuntu was eol and I wanted to avoid systemd I replaced it with
a new Devuan mailserver on a 6W, Intel NUC5CPYH with 4Gb RAM and and a
125GB SSD. My new server is on my home network which has a fixed IP.

The configuration follows that in this guide:
https://workaround.org/ispmail/buster/ which is for Buster but easilyadapted to Beowulf.

The software stack is Postfix, Mariadb (for virtual users DB), Apache2
(for letsencrypt renewals), Dovecot (for auth, sieve and DKIM), Rspamd
(for spam filtering including Bayes), fail2ban (for persistent spammer
IP blocking) and dnscrypt-proxy (for dns). I also added Monit as my
supervision daemon.

The guide includes Roundcube (for webmail) and ClamAv (for malware
filtering) but I didn't implement these.

I do use imap for my users, who use MUAs Evolution (Devuan),
Thunderbird (Windows, iMac), K9mail (Android), Spark (iPad, IPhone).
The guide explains how to autoconfigure the imap settings.

Other changes include:

1) a more restrictive postfix main.cf than in the guide, so less spam
gets through to rspamd: postfix rejected about 37% of emails last
month, rspamd about 7% with another 5% going to to users spam folders
and is thus reviewable by them. The main reason for postfix to reject
an email outright is no SPF.

2) use of the backport version of rspamd (2.5 - so the graphical
interface works out of the box) and

3) use of a couple of scripts to incrementally backup up the vmail
partition each day and to snapshot the root partition monthly.

With my use case the 2 cpu are only very lightly loaded and I'm
typically only using 20% of the RAM so I could have got away with less
beefy cpu and RAM hardware. I decided against a Raspberry Pi as I
preferred to mirror the known AMD64 set-up I use on my own desktop
machine.

--
Marjorie