
OpenBSD Mail Server Intro - protomyth
http://technoquarter.blogspot.com/2015/02/openbsd-mail-server.html
======
steakejjs
I wish the email stack was simpler.

While working on a project to learn Go, I was using postfix to pipe email
directly to a Go program, that then sent them as an SMS. I couldn't help
thinking how old and clunky the software I was using felt. The Go ended up
being done in an hour and the postfix part took me 2 nights.

The same goes for all of the other email protocols and software. It's all big,
bulky, and complicated, especially considering how much of a backbone email is
to business today.

I know of the mailinabox project that was meant to package and abstract out a
lot of the difficulties, but found that even that was too complicated.

Does anyone know of any projects meant to simplify the email stack?

~~~
poolpOrg
I'm biased but as far as SMTP is concerned, you can hardly find something
simpler than OpenSMTPD: pretty much any configuration can be described in less
than 10 lines of config.

Here's my configuration on this desktop:

    listen on all
    accept from any for domain debug.poolp.org deliver to maildir
    accept from local for any relay

------
hiphopyo
Also check this by the author of "The Book of PF":
[http://home.nuug.no/~peter/pf/en/spamd.setup.html](http://home.nuug.no/~peter/pf/en/spamd.setup.html)

- isn't SpamAssassin too big, too old and too ugly considering it, according
to the author, only stands for 5% of the anti-spam?

- can ClamAV really catch modern malware or are we just talking legacy
viruses from the 90s and 2000s?

~~~
kkmickos
I use SA on my own domains and I feel it is as efficient as Google's own spam
detection. Although no spam mails slipped through in months, a few legit got
caught due to their incompetence in html-emails.

As for ClamAV, their database is updated frequently. It's probably not as good
as commercial vendors such as Symantec, NOD32 and so on (can't compare because
I haven't used them for years), but I feel it offers some protection.

~~~
A_COMPUTER
At this point I consider myself a competent SA admin. I've got one particular
box with a domain going back to at least 1998 that I can't block enough spam,
too much still gets through. SpamAssassin is great, but I've been using GMail
since the beta and spam almost never gets through, like single digits for me
in all that time.

------
torrance
Hands down, the configuration file for opensmtpd is the best I've ever seen.
It's easy to grok and its declarative style beats Postfix's plethora of flags
any day. Looking forward to it making its way into the standard Linux distros.

[https://www.opensmtpd.org/smtpd.conf.5.html](https://www.opensmtpd.org/smtpd.conf.5.html)

~~~
poolpOrg
thanks ;-)

It is already available as a package on various Linux distros: Gentoo, Arch,
Fedora, ... as well as all BSD variants.

------
brynet
This is an 8-part series of posts by the same author, the link at the top of
the page.

[http://technoquarter.blogspot.ca/p/series.html](http://technoquarter.blogspot.ca/p/series.html)

------
fakeanon
Hey, I'm trying to use this guide, do you know why you enable ssh in pf.conf?

Edit: oh dear, now I'm downloading the source for every program including
ports.

~~~
SpaceInvader
What do you mean by 'enable ssh in pf.conf'? What are you referring to?

~~~
SpaceInvader
Ok, found: pass in on egress proto tcp to any port ssh

It means that you need to open port 22 (ssh) in order to be able to log in, as
the recommended firewall setting is to 'deny all' by default.
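
The rule quoted in the comment above, placed in a default-deny ruleset, as an added example that is not part of the original thread or the linked guide. It goes beyond the single rule by also opening the mail ports and rate-limiting SSH connections; the table name and the thresholds are assumptions chosen for illustration.

```pf
# /etc/pf.conf (illustrative sketch, not the guide's ruleset)

# Table of sources that exceeded the SSH limits below (name is an assumption).
table <bruteforce> persist

# Do not filter loopback traffic.
set skip on lo

# Default deny: anything not explicitly passed later is dropped.
block all

# Drop offenders immediately; "quick" stops rule evaluation here.
block in quick from <bruteforce>

# Allow the host itself to make outbound connections.
pass out

# The rule from the comment, with per-source limits added.
# Thresholds are constructed values, tune them for your own traffic.
pass in on egress proto tcp to any port ssh \
    keep state (max-src-conn 10, max-src-conn-rate 5/30, \
    overload <bruteforce> flush global)

# A mail server also needs its SMTP ports reachable from outside.
pass in on egress proto tcp to any port { smtp submission }
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`.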

~~~
fakeanon
Thanks. That's weird, because I can already log in with ssh on port 22. I was
asking because I didn't realize how it was related to a mail server. Now I
understand you might want to log in remotely.

------
protomyth
If doing this read the update in "OpenBSD Mail Server - Part 4, SpamAssassin
and SpamPD".

------
ukigumo
Nice find. I set up a Kolab + Ubuntu server based email for myself and family a
few months ago and it has been running great. If anyone would be interested in
a writeup let me know.

~~~
listic
Why did you decide to use Kolab?

~~~
ukigumo
Because it has a good suite of tools that work out of the box. There's LDAP,
webmail, webDav/calDav/cardDav, admin interface, antivirus, anti-spam, etc. It
integrates well with OwnCloud too which is a nice plus.

When I was looking to move away from gmail, my requirements were security and
privacy and Kolabsys was one of the first services that popped up as a viable
alternative.

The thing is, I was also looking for a reason to try out AWS and get back to
using linux after years of powerpoint and archimate _poisoning_ so everything
came together like that.

I highly recommend it, even if it took me about 5 working days to get
spamassassin, openDKIM, ciphermail and TLS working for all components. But
hey, now I get a 94% grade on www.emailsecuritygrader.com and an A+ on SSL
Labs's test so hurray for me.

------
UserRights
Tutorials like this are good for learning, but since computers are great tools
which can help to prevent repetitive work it would be great if the author
published a virtual machine image or, even better, some saltstack or ansible
recipes to build this on github, so it could be improved and maintained by
everybody.

Hint to authors of similar tutorials: yes, just release the scripts to build
the vm or docker image. This is 2015, it hurts to see 100s of people manually
copy pasting things.

~~~
mhurron
You're not going to learn anything from a premade docker image, or from
ansible playbooks.

At that point, there's no need to provide a tutorial at all.

~~~
jon-wood
The tutorial would provide the reasoning behind why the decisions in the
script have been made, allowing people to adapt it to their own needs.

