AR15.Com Archives
Recommend a setup for an in-house mail server
JamesP81  [Team Member]
2/8/2012 11:43:44 PM
I am going to run my own email server for personal use. I am debating on which OS and server software I should run.

This naturally seems to be a Linux sort of thing. I have historically had very, very bad experiences with Linux. I have, however, found a server called iRedMail which is basically a wrapper for Postfix, ClamAV, SpamAssassin, Dovecot, and Roundcube webmail. It doesn't install a firewall, but I'm looking at using Shorewall.

I am quite familiar with Windows and have used a server called mailtraq.

My conundrum is this. Securing Windows can be difficult, but at least I know Windows. Linux is more security conscious from the start, but I don't know it that well, and experience has shown me that experimenting with settings in Linux is generally a Very Bad Idea, as it's very easy to get everything FUBAR in short order.

I intend to keep my server behind my NAT if possible. This will allow me to block any incoming traffic not on a mail server port at the gateway.

What does the hive suggest?
NimmerMehr  [Team Member]
2/9/2012 12:41:08 AM
Ever read the NSA guides on securing Windows?? Use Windows, put it out on the internet, just firewall it and shut down everything you don't need.

Windows can be secured fairly well; it is just that once you start doing so, you have to know what you are tightening up or turning off if you want Windows to play seamlessly with other Windows systems in the same way it does out-of-the-box.

(Such as, you can get rid of NetBIOS, but you'd better have correctly set up DNS, and some CIFS functionality might be lost.) Or http://support.microsoft.com/kb/188001.
etc.
JamesP81  [Team Member]
2/9/2012 12:45:11 AM
Originally Posted By NimmerMehr:
Ever read the NSA guides on securing Windows?? Use Windows, put it out on the internet, just firewall it and shut down everything you don't need.


Not familiar with those. Do you happen to have a link?
NimmerMehr  [Team Member]
2/9/2012 12:51:32 AM
Been a while...

Start here:

http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml#microsoft
schizrade  [Team Member]
2/9/2012 12:47:48 PM
Originally Posted By NimmerMehr:
Ever read the NSA guides on securing Windows?? Use Windows, put it out on the internet, just firewall it and shut down everything you don't need.

Windows can be secured fairly well; it is just that once you start doing so, you have to know what you are tightening up or turning off if you want Windows to play seamlessly with other Windows systems in the same way it does out-of-the-box.

(Such as, you can get rid of NetBIOS, but you'd better have correctly set up DNS, and some CIFS functionality might be lost.) Or http://support.microsoft.com/kb/188001.
etc.


It isn't very difficult at all.
JamesP81  [Team Member]
2/9/2012 12:48:36 PM
Two other questions:

Which firewall should I use?

If I run Windows, is there a particular edition I should look into? I'd rather not spend $700 on a full-up Windows Server if I don't need to.
castiel  [Team Member]
2/9/2012 1:22:49 PM
I don't see any reason to spend money on Windows and a Windows server and firewall when you can have a complete Linux setup with everything free. Just put it behind the firewall with only the incoming mail port forwarded and keep up with any security patches for the mail server.
phurba  [Life Member]
2/9/2012 1:30:55 PM
Sendmail 8.


Also if you're on a residential connection, there's a 99.9% chance your ISP will block incoming 25, 110, and 143. Probably also 80 and sometimes 22 for good measure. Recently there has been a trend of blocking all incoming connections. If that's the case you can run something as a local MTA but you can't hang it on the internet.
JamesP81  [Team Member]
2/9/2012 3:00:06 PM
Originally Posted By phurba:
Sendmail 8.


Also if you're on a residential connection, there's a 99.9% chance your ISP will block incoming 25, 110, and 143. Probably also 80 and sometimes 22 for good measure. Recently there has been a trend of blocking all incoming connections. If that's the case you can run something as a local MTA but you can't hang it on the internet.


I have a business account with static IP and all that good stuff.

ETA: and I know a bit about sendmail. Rather, I know that Postfix is supposed to be the simplified version of it, a statement which boggles the mind if you've messed with Postfix any at all.
JamesP81  [Team Member]
2/9/2012 3:06:46 PM
Originally Posted By castiel:
I don't see any reason to spend money on Windows and a Windows server and firewall when you can have a complete Linux setup with everything free. Just put it behind the firewall with only the incoming mail port forwarded and keep up with any security patches for the mail server.


This brings me back to my original problem with Linux. The documentation is arcane, usually incorrect, almost always incomplete, and I often wonder if it's intentionally written to be hard to understand. If there's an easy-to-use distro and an easy-to-use mail server for it, I have missed it.

How am I ever supposed to know if I've properly secured the server if I can't trust the accuracy of the documentation (which I can't)?
castiel  [Team Member]
2/9/2012 3:50:01 PM
A few years ago I manually set up Postfix+ClamAV+SpamAssassin and it really wasn't too bad. There were hundreds of tutorials describing exactly how to do it all, and after studying a few of them I was able to piece it all together.
Andrewh  [Member]
2/9/2012 4:20:21 PM
Unless you just have to own your own server, why not use Gmail?

http://www.google.com/support/forum/p/gmail/thread?tid=7273f9a54a918139&hl=en

My last company did that, so I had myemail@mycompany.com but it went through Gmail servers and POP3.
JamesP81  [Team Member]
2/9/2012 4:53:51 PM
Originally Posted By Andrewh:
Unless you just have to own your own server, why not use Gmail?

http://www.google.com/support/forum/p/gmail/thread?tid=7273f9a54a918139&hl=en

My last company did that, so I had myemail@mycompany.com but it went through Gmail servers and POP3.


I just have to have my own server.
KaProw  [Team Member]
2/9/2012 5:35:05 PM
Originally Posted By JamesP81:
Originally Posted By Andrewh:
Unless you just have to own your own server, why not use Gmail?

http://www.google.com/support/forum/p/gmail/thread?tid=7273f9a54a918139&hl=en

My last company did that, so I had myemail@mycompany.com but it went through Gmail servers and POP3.


I just have to have my own server.

It IS pretty sweet! I have webmail, POP3, IMAP over SSL, and my smartphone syncs to it.

Don't laugh, I'm using Windows Server 2000 and Exchange 5.5. I use a separate machine with Server 2003 and XWall as my front end/spam filter. It has been in operation for more than a decade without problems.

The biggest problem I ran into was reverse DNS. A lot of places will block incoming mail as spam if the reverse lookup on the sending mail server's IP address doesn't match the server's host name. I was able to get my provider to delegate reverse lookups to my DNS servers so I could get the IP addresses to match the server's host name.

Anyway, good luck.
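The reverse-DNS point KaProw raises above is what receiving MTAs call forward-confirmed reverse DNS (FCrDNS): the sending IP must have a PTR record, and the name in that PTR must resolve back to the same IP. The following is an added example, not code from the thread or from any of the products mentioned in it. It implements that check with the resolver injected, so the logic runs offline against a constructed DNS table (the `example.com` / `isp.example.net` names and the 192.0.2.x, 198.51.100.x and 203.0.113.x addresses are made up from documentation ranges); `live_ptr` and `live_a` are standard-library resolvers you would pass in to test a real server before putting it on the internet.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check, as a receiving MTA sees it.

Added example for this thread: receivers commonly reject or score as spam
any connection whose source IP has no PTR record, or whose PTR hostname
does not resolve back to that same IP.  The resolver is injectable so the
logic can be exercised against a constructed DNS table without network.
"""
import ipaddress
import socket
from typing import Callable, Iterable, NamedTuple, Optional, Tuple


class FcrdnsResult(NamedTuple):
    ip: str
    ptr_name: Optional[str]        # hostname from the PTR record, if any
    forward_ips: Tuple[str, ...]   # addresses the PTR hostname resolves to
    ok: bool                       # True only if ip is among forward_ips
    reason: str


def check_fcrdns(ip: str,
                 expected_host: Optional[str],
                 ptr_lookup: Callable[[str], Optional[str]],
                 a_lookup: Callable[[str], Iterable[str]]) -> FcrdnsResult:
    """ip -> PTR -> A/AAAA -> the result set must contain ip.

    expected_host (optional) is the name the server announces in EHLO.  A
    mismatch is reported in `reason` but does not fail the check, because
    receivers differ on how strictly they treat it.
    """
    ip = str(ipaddress.ip_address(ip))      # normalise textual form
    ptr = ptr_lookup(ip)
    if not ptr:
        return FcrdnsResult(ip, None, (), False, "no PTR record for IP")
    ptr = ptr.rstrip(".").lower()
    fwd = tuple(sorted({str(ipaddress.ip_address(a)) for a in a_lookup(ptr)}))
    if ip not in fwd:
        return FcrdnsResult(ip, ptr, fwd, False,
                            f"PTR name {ptr} does not resolve back to {ip}")
    if expected_host and expected_host.rstrip(".").lower() != ptr:
        return FcrdnsResult(ip, ptr, fwd, True,
                            f"FCrDNS ok, but PTR {ptr} != announced name {expected_host}")
    return FcrdnsResult(ip, ptr, fwd, True, "FCrDNS ok")


# --- live resolvers using only the standard library (for real use) -------
def live_ptr(ip: str) -> Optional[str]:
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:                 # socket.herror / gaierror are subclasses
        return None


def live_a(host: str) -> Iterable[str]:
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(host, None)]
    except OSError:
        return []


# --- constructed DNS table so the example runs offline --------------------
# Addresses are from documentation ranges; hostnames are invented.
FAKE_PTR = {
    "192.0.2.25": "mail.example.com",         # good: PTR and A agree
    "192.0.2.26": "mail.example.com",         # bad: PTR name resolves elsewhere
    "198.51.100.7": "dsl-7.isp.example.net",  # generic ISP name, no forward record
    # 203.0.113.9 deliberately has no PTR at all
}
FAKE_A = {
    "mail.example.com": ["192.0.2.25"],
    "dsl-7.isp.example.net": [],
}


def check_offline(ip: str, expected_host: Optional[str] = None) -> FcrdnsResult:
    """Run check_fcrdns against the constructed table above."""
    return check_fcrdns(ip, expected_host, FAKE_PTR.get,
                        lambda h: FAKE_A.get(h, []))


if __name__ == "__main__":
    for addr in ("192.0.2.25", "192.0.2.26", "198.51.100.7", "203.0.113.9"):
        r = check_offline(addr, "mail.example.com")
        print(f"{addr:14} ok={r.ok!s:5} {r.reason}")
```

To test a real server, call `check_fcrdns(your_ip, your_ehlo_name, live_ptr, live_a)` from a machine with working DNS; a result with `ok=False` means the provider-side PTR delegation KaProw describes is still missing, and a `reason` mentioning the announced name means the PTR exists but does not match what the server says in EHLO.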
JamesP81  [Team Member]
2/9/2012 7:18:22 PM
Originally Posted By KaProw:

Originally Posted By JamesP81:
Originally Posted By Andrewh:
Unless you just have to own your own server, why not use Gmail?

http://www.google.com/support/forum/p/gmail/thread?tid=7273f9a54a918139&hl=en

My last company did that, so I had myemail@mycompany.com but it went through Gmail servers and POP3.


I just have to have my own server.

It IS pretty sweet! I have webmail, POP3, IMAP over SSL, and my smartphone syncs to it.

Don't laugh, I'm using Windows Server 2000 and Exchange 5.5. I use a separate machine with Server 2003 and XWall as my front end/spam filter. It has been in operation for more than a decade without problems.

The biggest problem I ran into was reverse DNS. A lot of places will block incoming mail as spam if the reverse lookup on the sending mail server's IP address doesn't match the server's host name. I was able to get my provider to delegate reverse lookups to my DNS servers so I could get the IP addresses to match the server's host name.

Anyway, good luck.


I have a copy of Vista lying around, but I suspect it may not be the best choice for this application.

I'm hoping I can go with Windows SBS or even WHS.

Sadly, I can't afford XWall. The newest Windows Firewall (with Advanced Security) appears to be a lot more capable than its earlier predecessors, so I'm considering that. Outside of that, however, I'm not sure what my options are.