Hello Antonio, i put in cc the lugbz list, if you don't mind
So, I'd like to explore any other mail server alternatives, which are
easier to install and maintain, and which are lighter in
resource requirements. Could you suggest anything, based on your
experience?
Depending on your needs, you could just go old-school: simply install
postfix, dovecot and maybe a webmail interface (Roundcube is a nice
one). I can assure you that maintaining this leaner stack will be a lot
easier than coping with Zimbra various quirkinesses.
I have been running my server on this very basis for about 10 years.
Recently I upgraded my setup (which has been proved very stable and
hassle-free) including DKIM and DMARC.
If you preferer an integrated solution, iRedMail looks pretty
interesting (never administered it, tho):
The same holds for me; heard of iRedMail but I never put my hands on it
Thank you for your suggestions. When I find some time I will try some of
the alternatives. https://www.iredmail.org/ is definitely in my list.
I also agree that a simple solution (postfix, dovecot and maybe a webmail
interface) might be easier than bloated solutions that try to offer
everything. As you say, the key here is: "depending on your needs". What
might be good for a big company, maybe is not what I need (as a single
person), or what a small organization needs.
However, building a mail server manually is not a simple task, even if you
find some instructions or tutorials on the internet. Tutorials tend to get
old and outdated, and they almost never cover exactly what you need. Using
some scripts or recipes might be better, for example bash scripts, or
ansible, or Docker, etc.
I built a mail server myself a few years ago. My goal was to make it as
minimal as possible, just for sending emails/notifications from trusted
applications. I wrote some scripts to make its build repeatable, and the
corresponding instructions are here: https://docker-scripts.gitlab.io/simple-smtp-server.html
It has just postfix, no dovecot or webmail interface, because it has no
local accounts, and it does not store any emails.
Building such a server was not easy at all, trying to make it safe and
secure, so that it cannot be abused by spammers, etc. I still don't
understand properly all the postfix settings and configurations that I have
used. If I did not script it, I am not sure whether I would be able to do
it again.
This SMTP server is very minimal and cannot be used as a personal mail
server, so I tried to extend it later so that it has some virtual accounts,
with LDAP authentication. So, if you add some username/password on a LDAP
directory with a certain schema, the postfix will go and check there for
authenticating users. This authentication is needed when a user tries to
send email from this SMTP server. When emails arrive for a certain account,
they are forwarded to another email address of the user. For example if you
send email to info(a)fs.al it will be forwarded to dashohoxha(a)gmail.com .
Again no emails are stored locally, so no need for dovecot, webmail,
virus-checking, spam-checking, etc. In the example above, emails end up in
Gmail inbox, so the check for virus and spam is done by Gmail.
This blog describes this setup:
But if you need to have a mail server that stores emails, with POP3, IMAP,
webmail etc. the mail server above is not enough. I am listing here some of
the possible solutions that I have identified. I may try some of them in
the future and see which of them is simpler/better.
Same here. I'm running a setup with Postfix, Dovecot IMAP and Rspamd.
DKIM, SPIF, DMARC, spam filtering are handled by Rspamd, via the milter
protocol.
I'm using Roundcube as webmail, it's mature and offers all the
functionality I require. In the past I have used a plugin to integrate a
Nextcloud address book with the Roundcube address book, but found it was
a bit too much of a hassle for the limited benefit. A more modern web UI
is Rainloop, but I find the Sieve filtering interface of Roundcube fits
my needs better, so I stick to it for the time being.
After maintaining and upgrading the server manually, I started using
Ansible about 4 years ago. While it is quite a slog to set this up
initially, it is now much easier to perform re-installations, or
experiments with new settings.
If you put your server on the internet, you *must* make sure you don't
operate an insecure mail server. Apart from being a nuisance for others,
this will "taint" your IP address, and you may find it difficult if not
impossible to get your IP address cleared from the various blacklists,
even long after you have fixed the issue.
Use scanners like the MxToolbox, hardenize etc. to find common
configuration mistakes.
You may find that some big providers like Google, Microsoft, Yahoo are
very picky about accepting mails from small servers. Make sure you are
using a "good" public IP address, i.e. not from dial-up network, and the
IP address was not burned by a previous spammer. Spamhaus is one of the
pickier blacklist, check your IP address in their lookup/reputation
checker tool. I found that some regional servers operated by Google
blacklist the IPv6 range of my provider (Linode). That's simple to fix,
jut request another /64 block from the provider, that fixed it for me.
Microsoft's Hotmail blocked my mails for reasons I still haven't
understood. No mails from me then, you can't please everyone.
It is increasingly more difficult to operate a public mail server, as
big providers are turning up security, but it is a rewarding task and
gives you an great freedom in how you'd like to use your email. Also, it
gives you the (dubious? minor?) satisfaction of working against the
monopolization of the 'net by a bunch of multi-billion tech companies.
Very nice and interesting contributions from you all: Dashamir, Thomas P. ,
Roberto R., Anton and same others who share their experiences in running a
mail server.
diego
Thank you for your suggestions. When I find some time I will try some of
the alternatives. https://www.iredmail.org/ is definitely in my list.
I also agree that a simple solution (postfix, dovecot and maybe a webmail
interface) might be easier than bloated solutions that try to offer
everything. As you say, the key here is: "depending on your needs". What
might be good for a big company, maybe is not what I need (as a single
person), or what a small organization needs.
...
Maybe there are some other possible solutions that I have missed.
Maybe you will find very useful as me this little but unvaluable piece of sw, developed many years ago by Marco Moser from LinuxTrent: Postcot.