Author: Simon Date: To: Devuan ML Subject: Re: [DNG] email programs (??right word??)
onefang <onefang_devuan@???> wrote:
> I run my own server, some of you may have heard of it, it's also one of
> the Devuan package mirrors.
>
> It has a variety of domain names, and I run my own email server on it
> using the courier family of servers. I mostly picked courier coz it
> covers everything, so far it has worked well.
I too run my own server, and have done for some time.
My personal recipe, which I copied from the setup I’d built at work back when I worked in a small IT services company and we ran a mail server for our clients, is:
Postfix for the SMTP side.
There’s a lot you can do with Postfix’s built-in checks that will eliminate a huge quantity of spam - this is mostly enforcing SMTP protocol so that the shortcuts taken by spammers to “get their carp out quickly” cause the connection to fail. Then Greylisting (while it has its issues) gets rid of pretty much all spam that isn’t already relayed via someone’s compromised system.
I can share those config bits if anyone is interested.
Courier for the IMAP side (used to use POP, but dropped that altogether a long time ago)
IIRC it’s the Courier packages that are using libsasl2
PostfixAdmin which is a nice GUI for managing mailboxes, aliases, etc. While it does restrict flexibility somewhat, it makes life a lot simpler.
Cluebringer (aka PolicyD) which provides rate limiting (by number of messages and by cumulative message size) - and Greylisting.
And for AV/Spam, Amavis run in daemon mode AS A MILTER.
I’m very particular about that. Search around and you’ll find many sites telling you how to do it wrong (like the big outfits like Microsoft do) - and that's to accept mail for delivery that you have no intention of delivering. Yes, you read that right, AFAIK every major email provider out there will accept mail for delivery knowing that they will not deliver some of it - they’ll silently toss it in /dev/null. The Postfix/Amavis way of setting this up is to run two Postfix instances, one listening on port 25, the other listening on port 10025. When mail comes in from the outside, the first Postfix instance will pass it off via SMTP to the Amavis daemon listening on port 10024, which after scanning it, if it passes, will send it via SMTP to the second Postfix instance at port 10025, and from there it goes to the mailboxes.
The problem with that is what to do when you decide not to deliver a message. You can’t bounce it, you just create annoying backscatter if you do. You can flag it (e.g. add “***SPAM***” to the subject line) which is better than nothing but still annoys the user as they still get all the spam. Or you do what most do and delete it, no notice to the sender or recipient that they didn’t get a message - which is a p.i.t.a. when it’s a false positive and the sender assumes you got the message, while the recipient is oblivious to the fact it ever existed.
So I run Amavis as a milter. When Postfix receives a message, between the sender saying “that’s the lot” and Postfix replying “OK, I’ll deliver it”, it passes it to the milter for checking, and also to the policy daemon - if either fail (or one of Postfix’s internal rules fails) it can respond “Sorry, I’m not delivering it”. So if there is a false positive, the sender will get a non-delivery notice from their own mail system. There is some backscatter where spam comes via a compromised system - but you can’t fix other people’s broken.
My SSL certificate comes from SSLMate.
Add in a few manual tweaks, stir well ...
I don’t fetch any mail from external providers, so don’t have fetchmail or anything like that set up.
On the client side, I’m still using Apple’s mail client on my Mac, and K-9 Mail on my phone. I also have Thunderbird on my Mac - there’s some things it can do easily that are “a faff” with Apple Mail.
You can add a web based IMAP client such as Roundcube if you want. That way you can have your own webmail.
To-do: Look into adding stuff like DMARC, SPF, blah, blah.
To-do: message filtering into mailboxes on the server - at present it’s handled by the client on my Mac.
To-do: Look into configuring mandatory TLS for certain domains for sending and receiving.
To-do: Update the whole lot. In the “it isn’t broken so don’t fix it” way of working, it’s still running as it was when I set it up - running on Debian before they went all SystemD!
It’s something that’s very satisfying to do, assuming you have the time to figure out all the bits needed and how to glue them together. But it does take time, and can be a tad frustrating at times. Also, when it comes to major updates, you always find that something has changed and you need to adapt the configs to suit - see above to-do about updating :-( Fortunately for me, when I set this up, I was paid to do it at work and simply replicated the setup at home, so I didn’t really worry about the time it was taking vs spending that time on house maintenance, etc., etc.
But once you do, and get it working how you want your mail to work, you’ll never want to rely on someone else’s stupid ideas (c.f. above about accepting mail and then deleting it) ever again. You’ll also find out just how broken so many mail systems are - from simple things like DNS errors, to some quite “interesting” issues.
My setup runs (as a VM) on an HP Microserver (G7) at home - not stunning performance, but quiet and low power. It’ll get moved to a different host when I get round to it, then the Microserver can get repurposed for something else or turned off.
> Fetchmail
> feeds emails through maildrop, which uses a grey list to sort things into
> standard Maildir folders on my desktop.
>
> The grey list has rules like "put any email from the Devuan mailing lists
> into the Devuan folder" (lots of that sort of rule), "put emails from
> specific people into the inbox folder" (very few of those people), "put
> emails from my family into the Family folder", "put known spam into the
> Spam folder", and finally "everything else goes into a holding folder so
> I can figure out what to do with it later".
Do you have any suggested links for looking up how to do that? I’m using Maildrop between Postfix and my mailboxes, but at present it’s doing nothing but take the message and drop it in the main Inbox.
From memory, when I last looked at this several years ago, what frightened me was statements that if I got the Maildrop script wrong, or it just didn’t have the pre-existing Maildir, then it would break.
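The milter-versus-content_filter distinction Simon draws above, as an added Postfix main.cf fragment. This is not Simon's configuration; it is an illustration of the two designs. It assumes the Debian amavisd-milter package (socket /var/lib/amavis/amavisd-milter.sock), Cluebringer/PolicyD on its default port 10031, and a host that is the final destination for its own domains. The restriction lists are the kind of "protocol enforcement" the message refers to; reject_unauth_pipelining is the one that catches senders who blast the whole session without waiting for replies.

```conf
# /etc/postfix/main.cf fragment (added example, not the poster's config).
# Assumptions: amavisd-milter listens on /var/lib/amavis/amavisd-milter.sock
# (Debian default), Cluebringer/PolicyD on 127.0.0.1:10031 (its default),
# and this host is the final destination for its domains.

# --- Postfix's own protocol enforcement. Every reject here is a 5xx inside
# --- the SMTP dialogue, so the sending MTA, not this server, owns any bounce.
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_delay_reject = yes

smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname

smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_policy_service inet:127.0.0.1:10031

# Spammers that send the whole session without waiting for replies trip this;
# legitimate MTAs only pipeline after ESMTP PIPELINING has been offered.
smtpd_data_restrictions = reject_unauth_pipelining

# --- Content scanning as a Milter: the verdict arrives before Postfix sends
# --- its final "250 2.0.0 Ok: queued", so a reject is a 5xx at end-of-DATA.
smtpd_milters = unix:/var/lib/amavis/amavisd-milter.sock
# Locally submitted mail (sendmail(1) / pickup) is not scanned in this setup.
non_smtpd_milters =
# If the milter is down, defer (4xx) rather than accept unscanned mail.
milter_default_action = tempfail
milter_protocol = 6
milter_connect_timeout = 30s
milter_content_timeout = 300s

# --- The after-queue design the message argues against, kept for contrast.
# Postfix has already answered "250 Ok: queued" before amavisd sees the
# message, so a later "don't deliver" can only be a bounce (backscatter),
# a Subject tag, or a silent discard. It also needs the second, unfiltered
# smtpd on 127.0.0.1:10025 in master.cf plus the smtp-amavis transport
# that hands mail to amavisd on 10024. Leave it disabled when using the milter.
#content_filter = smtp-amavis:[127.0.0.1]:10024
```

With amavisd-milter, amavisd itself must speak the AM.PDP protocol on that socket instead of SMTP on 10024, and its spam/virus "destiny" settings must be set to reject for the verdict to reach the sender's MTA; both of those live in amavisd's own configuration, which is outside this fragment. Once in place, a rejected message shows up in the Postfix log as a 550 at end-of-DATA rather than as a queued message that later vanishes.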
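A maildrop filter of the kind onefang describes, as an added example (not onefang's or Simon's file). It assumes a Maildir at $HOME/Maildir with Courier-style dot folders, a scanner that sets X-Spam-Flag, and made-up list and sender addresses. It also addresses the failure mode Simon remembers: maildrop does fail when told to deliver into a maildir that does not exist (Postfix then defers the message), so every folder is created on demand with maildirmake before "to" uses it, and a missing top-level Maildir produces a clean temporary failure instead of a half-delivery.

```conf
# ~/.mailfilter for maildrop (added example, not the poster's or onefang's file).
# Assumptions: Maildir at $HOME/Maildir, Courier-style dot folders
# (.Devuan, .Family, .Spam, .Holding), X-Spam-Flag set by the scanner;
# list and sender addresses below are placeholders.

SHELL="/bin/sh"
MAILDIR="$HOME/Maildir"
DEFAULT="$MAILDIR/"
logfile "$HOME/.maildrop.log"

# Refuse to run against a missing Maildir rather than fail mid-delivery.
# EXITCODE 75 is EX_TEMPFAIL, so Postfix requeues instead of bouncing.
`test -d "$MAILDIR/cur"`
if ( $RETURNCODE != 0 )
{
    EXITCODE=75
    exit
}

# Lists first: List-Id is set by the list software, From: is not reliable.
# ":h" restricts the match to headers.
if ( /^List-Id:.*devuan/:h )
{
    `test -d "$MAILDIR/.Devuan" || maildirmake "$MAILDIR/.Devuan"`
    to "$MAILDIR/.Devuan/"
}

# Known spam, as flagged upstream (header name is an assumption).
if ( /^X-Spam-Flag: *YES/:h )
{
    `test -d "$MAILDIR/.Spam" || maildirmake "$MAILDIR/.Spam"`
    to "$MAILDIR/.Spam/"
}

# A few specific people go straight to the inbox (placeholder addresses).
if ( /^From:.*(alice@example\.org|bob@example\.net)/:h )
{
    to "$DEFAULT"
}

if ( /^From:.*@family\.example\.com/:h )
{
    `test -d "$MAILDIR/.Family" || maildirmake "$MAILDIR/.Family"`
    to "$MAILDIR/.Family/"
}

# Everything else waits in a holding folder to be sorted later.
`test -d "$MAILDIR/.Holding" || maildirmake "$MAILDIR/.Holding"`
to "$MAILDIR/.Holding/"
```

Each "to" is a final delivery, so the order of the blocks is the precedence of the rules. Courier IMAP will show the dot folders once they exist; with Courier you also need them listed in Maildir/courierimapsubscribed for clients to subscribe to them automatically, which maildirmake does not do. Test a new filter with a saved message on stdin and the verbose flag (maildrop -V 9 ~/.mailfilter < msg) before putting it in the delivery path.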