Mail service configuration

Components

  • MTA
  • POP/IMAP server (MDA?)

Requirements

  • Send and receive mail for domain
  • Secure remote mail retrieval
  • Secure remote mail send via MTA
  • Security before performance

Send and Receive

Supported by all [MTAs][1][?][1]

Secure Remote Retrieval

  • IMAP or POP with TLS
  • See Security for authentication

Secure Remote Submission

http://en.wikipedia.org/wiki/SMTP-AUTH

Available Mail Transfer Agents

Sendmail

Ruled out because of complexity, lack of security

Postfix

Qmail

DJB

Exim

Resources

From 2001. Postfix beats qmail in performance.

Softupdates benefit performance at risk of mail loss on crash

TLS & DNS security issues

Postfix can't run filters on message body?

Mail Retrieval

POP & IMAP

IMAP only

  • cyrus-imap
  • courier
  • bincimap

Two main contenders are Courier and Dovecot.
Originally installed Dovecot, but it supports neither quotas nor STARTTLS.
Will stay with it for the moment. Courier-imap needs perl. Don't really want to bbloat the jail.

POP only

  • qmail-pop3
  • tPOP3
  • teapop
  • popa
  • vmpop
  • qpopper

Configuration


Filtering

See http://acme.com/mail_filtering/

  • [SpamAssassin][4][?]4

circumvented by spammers according to acme

conservative

aggressive

aggressive

Q&A

Local disk encryption?

Encrypt mail spools? Protect against seizure? Does that matter?


Log

2006-04-14

Ok. First task. Decide on an MTA and remote retrieval daemon.
Ruled out Sendmail. Insecure, complex.
Would like to have the ability to reject at SMTP time

IMAP or POP?

IMAP requires a decent quota on the mail server as well as backups. Single location for mail. Single point of failure. Definitely preferable to POP

Filtering

[SpamAssassin][4][?][4] is widely used but apparently a target of spammers.
Bogofilter is less widely used.
Bogofilter it is then (at least initially).

2006-04-16

Decided on Postfix. Actively maintained (unlike qmail+patches). Full-featured.

2006-04-19

http://wanderingbarque.com/howtos/mailserver/mailserver.html
http://jamm.sourceforge.net/howto/single-html/mailserver.html