[kwlug-disc] (Running a VPS) Mail Server? [Was: VPS (again)]

B.S. bs27975 at yahoo.ca
Sun Dec 21 12:22:28 EST 2014


Thanks everyone.

Khalid, "some mail servers will reject email from your server if the PTR 
returned matches what is in the SPF record" is probably missing a 
"doesn't" in there. Also, your page and post have a disconnect - in your 
post you mention forwarding to gmail (let their filters do the work), so 
you must receive via gmail but send via your own server. Isn't this a 
PITA to track? i.e. I assume you have to change your from for every msg 
received via gmail? [Perhaps these are aspects your article could point 
towards explanations thereof?]

(Yes, DKIM and SPF were the terms I couldn't recall at the time.)

Colin, good catch on TLS, I had forgotten that aggravation. I'll suggest 
you blacklist first - after all, everyone is familiar with it already, 
since everyone's running iplist and geo rejecting on their routers based 
on lists they're already getting. Right?

[Seen the latest CERT alert? 
http://www.us-cert.gov/ncas/alerts/TA14-353A - NASTY! (Guess they had to 
wait for O'bama to have his say before releasing what they learned from 
the Sony attack.)]

I think you've all made my point - one would have thought with all the 
fiddly bits a 'how to' would already be out there and easily found in 
internet land. Curious that it isn't. (?)

I certainly take Colin's point which is essentially you have to live it 
to understand it. And Nick's that too much energy is expended each time 
for something done so infrequently that the knowledge isn't retained. So 
one has to retransit the learning curve each and every time, and this 
gets old really fast. And google wins (despite their munging of imap / 
tags nonsense) ...

Certainly it all leads one towards checking out things like Zentyal in a 
vm and drinking in small sips. Turn on functionality one step at a time, 
nail it before moving onto the next. At least all the software fiddly 
bits should be present and in a row waiting for you - even if not turned 
on yet while you sink into things, at least you'll know tab A fits into 
slot B, and both A and B will be present. And that A and B are 
sufficiently good / interoperable that you don't have to hunt down if 
this element works with that element without hunting down non-included 
adaptive configuration files.


On 12/19/2014 11:05 AM, Colin Mackay wrote:
> I haven't put a LOT of time into it yet, it was just one of those 'putter
> about' projects.  My first thought was to have a mail server just so I
> could get a little more insight into it's setup.  Of course, it didn't end
> there...
>
> Using postfix and dovecot I got a simple server up and running quite
> quickly, of course did not allow mail relaying...  TLS certs were next.
> Certs have always been annoying for me, I don't use them enough to *really*
> get into it, but after a little bit of reading I managed to get it working.
>
> Spam Assassin *was* next, but I got sidetracked for a bit with Owncloud and
> RoundCube.
>
> Owncloud is a personal 'cloud', kinda neat, somewhat pointless on a system
> with 5Gb of disk space. :D  Roundcube is webmail for postfix type mail
> servers.  Basically, if you have a shell account, you have a roundcube
> account...  It's rather nice!
>
> Next... Spam assass---  er, nope.  Another sidetrack: Getting my mail
> account (and calendar from Owncloud) onto my BlackBerry.
>
> Now, with the Christmas season in full swing, I've barely touched it.  So
> far no one out there knows the IP / DNS name of the server, so that's
> what's keeping me safe...  Well, as safe as hiding behind the curtains
> during a home invasion, but still.  So far, so good.  My plans did end at
> Spam Assassin, wasn't planning a blacklist, but now I probably will add
> that to the list.
>
> As for the dangers?  Well, it's a pointless little VPS that can die a firey
> death and the domain isn't a permanent one I want to keep.  Call it
> practice, call it fun, call it a cheese sandwich, I don't care...  :)
>
> DMARC!  I remember reading about this a little while ago, but only in the
> 'rings a bell' sense.  Sounds like something to read up on at some point.
> Thus far, I've not had issues sending / receiving mail from gmail.com or
> rogers.com.
>
> Q. Is it worth it?  Will I run into trouble?  Will I pull my hair out
> fighting spam?  (Tune in next week...)
>
> A. I have NO idea yet.  I don't learn lessons from watching others fail, I
> learn lessons from trying and possibly failing in my own, unique way.  So
> until I get buried under a ton of spam messages, I'll keep this project
> going...
>
>
>
>
>
> Next, SPAM ASSASSIN!  Promise. :)
>
>
> On Fri, Dec 19, 2014 at 10:14 AM, Khalid Baheyeldin <kb at 2bits.com> wrote:
>>
>> On Fri, Dec 19, 2014 at 4:49 AM, B. S. <bs27975 at yahoo.ca> wrote:
>>>
>>> The idea of running one's own mail server has always seemed a little
>> 'scary' - not just to me, but others here have expressed similar.
>>>
>>> So many little fiddly bits, DNS stuff [can't recall the term, not DFC -
>> the MX record isn't the problem, it's the rest], multiple programs chained
>> together, blacklists, spamassasin, don't know what all else.
>>>
>>> Always seemed too much work. Anyone using yahoo these days probably
>> wonders if it's less work than Yahoo has been!
>>>
>>> Is there a current best practices how to on running one's own e-mail
>> server (IMAP, not POP) out there these days? [Googling it will just bury
>> you.]
>>
>> I used to be in this camp (those who avoid running email servers) and
>> I am still in it somewhat, with some modifications.
>>
>> I still don't run any POP servers, or spam filters. I forward the
>> accounts that are in my domain to a web email (mostly Gmail).
>>
>> But, what happened recently is that I modified SMTP so that I am able
>> to overcome Yahoo (and others, like Cox and Verizon) implementing
>> DMARC and hence my email bouncing from those domains.
>>
>> Basically, what I did was re-implement SPF, added DKIM and a PTR
>> record. These can be tedious to implement, and test, but once you do
>> them, things work again, and you don't get bounces anymore.
>>
>> The details are here
>>
>>
>> http://baheyeldin.com/technology/linux/setting-up-spf-and-dkim-on-postfix.html
>>
>> --
>> Khalid M. Baheyeldin
>> 2bits.com, Inc.
>> Fast Reliable Drupal
>> Drupal optimization, development, customization and consulting.
>> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
>> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
>> For every complex problem, there is an answer that is clear, simple,
>> and wrong." -- H.L. Mencken
>>
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>
>
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>





More information about the kwlug-disc mailing list