[sclug] Recommendations for mail server

Dickon Hood sclug at splurge.fluff.org
Thu Jan 13 22:17:48 UTC 2005 

On Thu, Jan 13, 2005 at 21:57:17 +0000, Keith Edmunds wrote:
: On Thu, 13 Jan 2005 20:52:02 +0000
: Drew McLellan <lists at allinthehead.com> wrote:

: > Hi everyone - I've been lurking on this list for a couple of months, so 
: > time to introduce myself and ask some advice too.

: Hi Drew, welcome.

Eh-oh.

: > I've got a box running Debian Sarge as a dedicated web server off in a 
: > datacentre somewhere. The box currently has exim installed. I need to 
: > configure a basic mail setup so a small handful of people can use POP3.

: Exim is the Debian standard, and a reasonable SMTP server. Personally I use
: Postfix on the servers I configure, but that's mostly down to personal
: preference.

>From an MTA PoV, I've run both Exim and Postfix, and I'm tending towards
Exim these days.  There's not a lot between them, so pick one and stick
with it; they're both very capable.  Exim's written and supported by the
University of Cambridge, and UK-hours support can be handy.  Not much in
it, though, as I say.

: > Requirements:

: > a) POP3 boxes
: > b) SMTP relay w/ authorisation

I also would recommend IMAP.  Hate the protocol (University of Washington
-- just say no...), but it's better than POP3 for what you want.

[...]

: > and ideally:

: > c) web interface for account maintenance (webmin's ok)
: > d) work with a standard webmail tool like squirrelmail.

Be very careful with any form of remote-admin tools.  They're uniformly
dangerous; try doing a Google search for some key phrases, and you'll see
what I mean.

[...]

: The IMAP server I'd recommend is Dovecot; it also includes a POP3 daemon.

I concurr.  Compile in SSL support, and ensure your clients are using
IMAPS ('Use secure connection' or somesuch.  Port 993).  That'll encrypt
everything -- including the rather important usernames and passwords -- as
it travels over the big, bad interweb.

[...]

: Does that help at all? Or has it spawned 254 new questions?

More than likely :-)

If you have some sort of firewall box at the moment, you can, to remove
the authentication requirement for outbound SMTP, run an ssh tunnel from
port 25 on that, to port 25 on localhost on your mail server.  I'm
something of a fan of ssh tunnels, though, and tend to abuse them at every
opportunity.  Just be careful to disallow external connections to port 25;
you don't want to become an open relay.

Here endeth my advice.  Personally, I run all mail remotely and access
everything via ssh and read mail via mutt, but that's not always
appropriate for everyone.

-- 
Dickon Hood

Due to constant nagging to change it, my .sig is temporarily unavailable.
Normal service will be resumed as soon as possible.  We apologise for the
inconvenience in the meantime.

More information about the Sclug mailing list