You need SPF and DKIM for your outgoing email to be accepted.
My idea of a secure email server is to use submission port 587. Expose port 25
to the world and aggressively filter all remaining email ports with a firewall.
And I mean aggressive. Geographically filter so only countries where your users
reside can send and retrieve email. Block major hosting IP space.
How many users will be on the system? If you can handle it, assign all the
email passwords. This means you need to contact them out of band. I avoid
cpanel or similar internet access to email settings. I use nothing but ssh to
maintain my server.
Original Message
From: [email protected]
Sent: October 25, 2020 10:57 AM
To: [email protected]
Subject: Looking for a guide to collect all e-mail from the ISP mail server
Hi all:
I am evaluating mail server solutions for a small business. The trouble is, I
am only a part-time admin and a newbie to mail servers.
Most guides I have seen are rather unrealistic: they encourage you to expose
your e-mail server to the Internet, and hope that you have the resources
to keep it patched up.
I would rather have an internal mail server that collects e-mails from a
standard ISP mail server. It is like the old "POP3 Connector" that came with
Microsoft Exchange. Sometimes, there is a mailbox per user on the ISP, and a
corresponding one on the local server. Other times, there is a single
"catch all" or "multidrop" mailbox on the ISP.
Users can still access their internal mailboxes from outside through an OpenVPN
connection. The goal is that only VPN, and perhaps SSH, are
accessible from the outside. We do not need to arrange any special SMTP
configuration with the ISP either.
This kind of mail server setup is rather different to the standard
configuration. You do not normally need your own antivirus and spam filter, and
you do not need to configure SSL certificates, MX or SPF DNS records. Most ISPs
handle that correctly and economically. Internal e-mail does not leave
your LAN, and your internal SMTP server is just a relay for the external ISP
SMTP server.
Furthermore, most guides do not explain how to set up an autoresponder ("I am on
holiday until xxx") so that users can enable theirs with the mouse.
Editing configuration files over SSH is not really an option for normal users.
This detail is important because it could be the only thing I need
above standard e-mail. Further groupware features can be seen as nice but
ultimately unnecessary luxury, and a basic shared calendar can be
accomplished with a separate server like https://radicale.org/ and a calendar
client like one built into Thunderbird. Hopefully, that is all I would
need for a small business.
Can anyone point me to the kind of guide I need? Failing that, I would need
information or examples about using fetchmail, getmail or similar software
with Dovecot. Good or bad experiences from you guys would also help.
Each of those tools has a detailed man page, but there are many options and
ways with different advantages and disadvantages. I would need a simpler
guide to get started.
I am aware that there are pre-packaged mail server solutions that would perhaps
bring an easy-to-use autoresponder, but I haven't seen one yet
where you could tick a box like "this server is only internal and collects mail
from the ISP server" during installation. Nor have I seen instructions
about reconfiguring the mail server for my ISP mail scenario.
I am prepared to learn more and write my own Perl scripts and/or installation
guide, but it would be stupid to waste time if something easy already
exists. After all, the setup I am describing (external ISP mail server +
internal mail server) is not so weird.
Thanks in advance,
rdiez