Mail service configuration
Components
- MTA
- POP/IMAP server (MDA?)
Requirements
- Send and receive mail for domain
- Secure remote mail retrieval
- Secure remote mail send via MTA
- Security before performance
Send and Receive
Supported by all MTAs
Secure Remote Retrieval
- IMAP or POP with TLS
- See Security for authentication
Secure Remote Submission
http://en.wikipedia.org/wiki/SMTP-AUTH
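An added example (not part of the original notes): a Python check for the "secure remote mail send" requirement, run over EHLO replies recorded before and after STARTTLS. The sample replies, the hostname mail.example.org and the function names are constructed for illustration.

```python
import re

# Constructed EHLO replies (not captured from a real server).
PRE_TLS = (
    "250-mail.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)
POST_TLS = (
    "250-mail.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is recoverable from the wire

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps, lines = {}, reply.splitlines()
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line)
        # "250-" marks a continuation line, "250 " only the final line.
        if not m or (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError(f"malformed EHLO reply line: {line!r}")
        text = m.group(2)
        if text.upper().startswith("AUTH="):  # legacy "AUTH=" advertisement
            text = "AUTH " + text[5:]
        words = text.split()
        if i and words:  # line 0 is the server greeting, not a capability
            caps.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return caps

def audit_submission(before_tls, after_tls):
    """List findings for a submission service; an empty list means none."""
    pre, post = parse_ehlo(before_tls), parse_ehlo(after_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    leaked = CLEARTEXT_MECHS & set(pre.get("AUTH", []))
    if leaked:
        findings.append("cleartext AUTH offered before TLS: " + ", ".join(sorted(leaked)))
    if "AUTH" not in post:
        findings.append("AUTH not offered after TLS")
    if "STARTTLS" in post:
        findings.append("STARTTLS re-advertised inside TLS")
    return findings
```

With the constructed replies above, the audit reports that PLAIN and LOGIN are advertised before the session is encrypted; the finding clears once AUTH appears only in the post-STARTTLS reply.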
Available Mail Transfer Agents
Sendmail
Ruled out because of complexity, lack of security
Postfix
Qmail
DJB
Exim
Resources
From 2001. Postfix beats qmail in performance.
Softupdates benefit performance at risk of mail loss on crash
TLS & DNS security issues
Postfix can't run filters on message body?
Mail Retrieval
POP & IMAP
- Dovecot (http://www.dovecot.org/)
- uw-imap
IMAP only
- cyrus-imap
- courier
- bincimap
Two main contenders are Courier and Dovecot.
Originally installed Dovecot, but it supports neither quotas nor STARTTLS.
Will stay with it for the moment. Courier-imap needs perl. Don't really want to bloat the jail.
POP only
- qmail-pop3
- tPOP3
- teapop
- popa
- vmpop
- qpopper
Configuration
Filtering
See http://acme.com/mail_filtering/
- SpamAssassin (http://spamassassin.apache.org/)
circumvented by spammers according to acme
- Bogofilter (http://bogofilter.sourceforge.net/)
conservative
aggressive
aggressive
Q&A
Local disk encryption?
Encrypt mail spools? Protect against seizure? Does that matter?
Log
2006-04-14
Ok. First task. Decide on an MTA and remote retrieval daemon.
Ruled out Sendmail. Insecure, complex.
Would like to have the ability to reject at SMTP time
IMAP or POP?
IMAP requires a decent quota on the mail server as well as backups. Single location for mail. Single point of failure. Definitely preferable to POP.
Filtering
SpamAssassin is widely used but apparently a target of spammers.
Bogofilter is less widely used.
Bogofilter it is then (at least initially).
2006-04-16
Decided on Postfix. Actively maintained (unlike qmail+patches). Full-featured.
2006-04-19
http://wanderingbarque.com/howtos/mailserver/mailserver.html
http://jamm.sourceforge.net/howto/single-html/mailserver.html