
How to set up a mail server on a GNU / Linux system - alexchamberlain
http://flurdy.com/docs/postfix/index.html
======
phzbOx
I know it's a bit off-topic, but I had to do this a couple of times, and now
I simply use Google Apps. It gets the job done, has a nice spam filter and,
more importantly, users are already used to Google services. I'm not saying
configuring the server with postfix is bad, far from that, but it might be
worthwhile to look at Google Apps as it may speed up things for you and your
users.

~~~
mseebach
I agree. I've been on Google Apps for about five years now, and I routinely
configure an apps account for almost all domains I buy. Never had any
problems. Never having a "the e-mail is down" call while on vacation (or,
really, anytime) is awesome.

I enjoyed "The Five Stages of Hosting" posted earlier
(<http://news.ycombinator.com/item?id=3526767>). In that metaphor, Google Apps
is the large, modern and comfortable house in a central location with most
amenities and virtually rent free - only downside is that the landlord won't
let you knock down the walls, and there's no way a grand piano will fit
through the front door.

~~~
phunel
And that the landlord admits to coming into your house daily to read through
all your mail and documents in order to sell you stuff. And then follows you
around town to catalog what you buy, what videos you watch, who are your
friends, what are they doing, and what information you're looking for, among
other things because, you know, this will all make it a better experience for
you.

~~~
brudgers
You forgot to mention the benefits of vendor lock in.

~~~
mseebach
There is none. You can download all your email any time in an open, industry
standard format (IMAP).

~~~
dredmorbius
Calendar and contacts, as well as integration with a few other bits, provide a
slight measure of lock-in. I'd still have to say that it's lower for Google
Apps than for a lot of other products out there.

Actually, the Google Docs integration is probably the biggie.

~~~
ghshephard
Re: Contact Lockin: Your contacts should be in the Directory Server and synced
to Google Apps. Any first class platform you will migrate to will sync to
LDAP.

Re: Calendar I've done two calendar technology migrations for 500+ person
companies - they are typically forklift upgrades done over a weekend. You
basically lock in your resources (rooms, typically) a week ahead of time, have
people rebook any forward meetings into those resources - and have everyone
switch into the new system on Monday. As long as people have the right client
(in Google's case, that would be a "Web Browser") there is no lock-in.

I could take a 500 person company from Google Calendar, Email, and Contacts
over to Microsoft Exchange with a team of three people in under a month, with
maybe 2 days of disarray (Monday) as people (who ignore instructions the
previous week) update the mail servers and LDAP servers on their various
Androids, iPhones, Macintoshes, etc...

Just make sure you keep your primary directory in your own LDAP server, and
you will be good to go. Don't outsource the directory. And stick to something
LDAP compatible.

~~~
dredmorbius
Yeah, it's reasonably light, as I said. Training and end-user usage patterns
(never something to be taken lightly) are probably your biggest issues.

Then again, the user experience with the leading alternative solution (MS
Exchange) is so miserable that at one organization I'm aware of, the public
announcement of a migration to Google Apps for Domains was greeted with a
standing ovation.

Another interesting factoid: Hal Varian, co-author of _Information Rules_,
which largely discusses strategic use of lock-in by both vendors and users, is
Google's chief economist. I suspect this is a subject the organization
understands well:
<http://www.amazon.com/Information-Rules-Strategic-Network-Economy/dp/087584863X/ref=sr_1_2?s=books&ie=UTF8&qid=1327962623&sr=1-2>
<http://en.wikipedia.org/wiki/Hal_Varian>

------
regularfry
Personally, I hugely prefer exim+dovecot to postfix+courier. This guide is the
one I follow:
<http://hinterlands.org/wiki/index.php/DebianEximDovecotSquirrelmailSieve>
(although I'm not a Squirrelmail fan at all).

~~~
Arelius
IMO, I agree with dovecot over courier, but any reason you prefer exim? I'm
under the impression that postfix is regarded as one of the best examples of
secure software to date.

~~~
regularfry
Habit, mostly. The first mail server I ran for myself was postfix, and I
managed to get in a nasty tangle. Exim configuration just seems to fit my
brain better.

------
tsuraan
While in college, my housemates had a Linux mail server configured with
individualized spam filtering; every user had an IMAP "spam" folder and a
"ham" folder; they could move false negatives from their inbox to the spam
folder, move false positives from spam to ham, and a nightly job would run and
generate custom statistics for each user. It was remarkably slick, and for
years I've been trying to figure out what that setup was. Does anybody have
any ideas, or actual links to similar tutorials?

~~~
BCM43
Make a cron job run this?
<http://spamassassin.apache.org/full/3.0.x/dist/doc/sa-learn.html>

------
bwarp
This is useful. I will review.

I have traditionally used the instructions here which are very mature and have
done me well for years:

<http://workaround.org/ispmail>

They are absolutely bomb proof.

~~~
plaes
Yeah, this one is a bit improved stack, because it contains fewer pieces in
critical places (ie dovecot can do all the authentication + delivery).

------
freehunter
Does anyone here recommend building your own email system other than it being
more private than hosted email? Are there any benefits (outside of privacy) to
putting up your own email server?

~~~
haydin
... and on a -somewhat- related note: Does anyone here recommend 'premium'
e-mail hosting, such as Rackspace E-mail?
(<http://www.rackspace.com/apps/email_hosting/rackspace_email/>). What are the
benefits of such services? I am trying to understand the benefits of these
premium e-mail services to a postfix on a self-managed VPS.

~~~
tildedave
One major advantage of premium hosting services (and other SaaS providers such
as SendGrid) is that for outgoing mail, your mail will be delivered and not
marked as spam/blacklisted/dropped silently.

Because of the low volume of outgoing mail from a VPS, it's very easy to end
up on blacklists.

~~~
loup-vaillant
Wait, how can sending _little_ email get your server blacklisted? Is it
because they don't care about the small guy, or is there some technical
reason?

~~~
tildedave
It's really about how much a false positive affects your IP's reputation.

When you are sending out a lot of email, recipients see a volume of mail. If a
few of these get marked as spam, no big deal, you sent out 5,000 mails in an
hour, of which 2-3 were marked as a false positive.

If you are running your own VPS you are sending out comparatively fewer mails
so the decision on whether you are a spammer or not is made with a lot less
information -- and most recipients will assume you are a spammer immediately.

------
tlb
The size of that guide illustrates why I switched to google apps + gmail. I
was using a different stack based on FreeBSD, qmail, spamassassin, imapd and
tcpserver, but about equally complex. It required regular maintenance and took
up too much mental space.

------
Joeboy
The advice I wish somebody had given me: Don't use Debian's default
configuration for Exim. Even though Debian's docs strongly recommend that you
should do so. I'm sure their magic config stuff works brilliantly for
somebody, but for most people it creates a vast, complex set of files that
then breaks when you upgrade, leaving you with no email. Just write (or find)
a config file.

~~~
alexchamberlain
This (almost) holds true for (almost) every piece of software.

------
agentgt
I just recently setup an email auto-responder with a custom email server (in
Java) and I will say it was a goddamn PITA. I did use the cited article and
also this one is good:
<http://rimuhosting.com/support/settingupemail.jsp?mta=postfix>

Some things that are rather important:

1. Name your email server with "mail" somewhere in the name. Seriously, don't
call your email server crapbox.snaphop.com :)

2. Although you can send email as a relay on many different ports (2525,
8025, 587 (ssl)) you can really only receive on port 25.

3. You better have a PTR / reverse DNS setup.

4. It takes at least a couple of hours before email servers will acknowledge
you.

5. You can get away without an SPF for a little bit but you really need it if
you're going to blast a crap load of emails. Use this to test:
<http://www.kitterman.com/spf/validate.html>

~~~
Corrado
A couple more gotchas are:

6. Some (most?) hosting providers are blacklisted and getting other email
systems to recognize you as a valid agent is getting tougher and tougher.

7. You have to provide your own fail-over, or purchase it from someone else.

~~~
RockyMcNuts
8. domain keys (DKIM)?

did this recently on EC2 and found these helpful

<http://pauldowman.com/2008/02/17/smtp-mail-from-ec2-web-server-setup/>

<http://www.practicalclouds.com/content/guide/sending-email-ec2-instances>

DKIM on Ubuntu - <https://help.ubuntu.com/community/Postfix/DKIM>

Microsoft SPF record creation wizard -
<http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx>

not sending that much mail, but noticed after setting up SPF/DKIM/reverse DNS
that the mail I sent to myself didn't end up in spam folders at gmail and
hotmail etc., without having to send via a service like authsmtp.com.

------
spydum
People still setup mail servers? amazing, I actually thought I was the last
hold out to host my own email. I used to be all crazy into qmail (and then
later postfix), with spamassassin, clamav, etc. It wasn't until about 5 years
ago I ran into Surgemail while reviewing solutions for a former employer.
<http://netwinsite.com/surgemail/> it's worth a look if you are into hosting
your own mail. I rarely, if ever plug commercial software, but these guys have
really earned it. From their awesome support, development, and licensing
model, it's just all around impressive.

------
ivan78
I have much better recipe. You go to zimbra.com, download ZCS Open-Source
Edition and immediately have all the functionality out of the box. As a bonus
you have much more beautiful web-interface than ancient Squirrelmail.

~~~
jcurbo
Squirrelmail is indeed ancient looking. Years ago when I last ran my own mail
stack (postfix + cyrus) I wondered why there wasn't a gmail-clone mail webapp.
Perhaps there is now?

~~~
capnrefsmmat
There's Roundcube, which is reasonably good:

<http://roundcube.net/>

------
corford
For anyone thinking of running a private mail server off their home DSL line,
don't do it. It's very likely your IP (even if static) will be in all sorts of
spam block lists.

Instead, either use your ISP's mail server as a smarthost (if they allow it) or
(better imho) get a small VPS of your own (e.g from Linode) and:

1). Install OpenDKIM and set it to sign all your outgoing mail (make sure to
add the relevant DKIM TXT records to your domains)

2). Add SPF records to all your domains

3). Make sure your server's IP has reverse dns setup

Your mail should then happily sail through all but the most brutal of spam
filters.
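
The three DNS prerequisites named in agentgt's list and in the steps above (reverse DNS, SPF, DKIM) can be checked before sending any mail. The following is an added example, not part of the original thread: it runs offline over constructed records (example.org, a documentation-range IP, a made-up selector `sel1` and key), all function names are hypothetical, and the SPF evaluation covers only the `ip4`, `mx` and `all` mechanisms.

```python
import ipaddress

# Constructed sample zone data (documentation IP range, example.org, made-up selector/key).
DNS = {
    ("PTR", "192.0.2.25"): ["mail.example.org"],
    ("A", "mail.example.org"): ["192.0.2.25"],
    ("MX", "example.org"): ["mail.example.org"],
    ("TXT", "example.org"): ["v=spf1 ip4:192.0.2.25 -all"],
    ("TXT", "sel1._domainkey.example.org"): ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEY="],
}
QUAL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(records, rtype, name):
    return records.get((rtype, name), [])

def fcrdns_ok(records, ip):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to the same IP."""
    return any(ip in lookup(records, "A", host) for host in lookup(records, "PTR", ip))

def spf_result(records, domain, ip):
    """Evaluate the ip4, mx and all mechanisms only (a subset of SPF)."""
    spf = [t for t in lookup(records, "TXT", domain) if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "none"
    if len(spf) > 1:
        return "permerror"  # more than one SPF record is an error, not a union
    addr = ipaddress.ip_address(ip)
    for term in spf[0].split()[1:]:
        result = QUAL.get(term[0], "pass")  # no qualifier means "+"
        mech = term[1:] if term[0] in QUAL else term
        if mech == "all":
            return result
        if mech.startswith("ip4:") and addr in ipaddress.ip_network(mech[4:], strict=False):
            return result
        if mech == "mx" and any(ip in lookup(records, "A", mx)
                                for mx in lookup(records, "MX", domain)):
            return result
    return "neutral"  # nothing matched and no "all" term

def dkim_key_published(records, domain, selector):
    """The selector's TXT record must carry a non-empty p= tag (empty p= means revoked)."""
    for txt in lookup(records, "TXT", f"{selector}._domainkey.{domain}"):
        tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
        if tags.get("v", "DKIM1") == "DKIM1" and tags.get("p"):
            return True
    return False

def audit(records, domain, ip, selector):
    return {"fcrdns": fcrdns_ok(records, ip),
            "spf": spf_result(records, domain, ip),
            "dkim": dkim_key_published(records, domain, selector)}

if __name__ == "__main__":
    print(audit(DNS, "example.org", "192.0.2.25", "sel1"))
```

To run it against a live domain, fill the `records` dictionary from a resolver of your choice; the checks themselves do not change.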

~~~
sigpipe
I use my home server as the primary MX, and a VPS to relay outgoing mail via
TLS and serve as a backup MX. This allows me to keep my email on a server only
accessible to me, while avoiding the blocklist issues when sending mail.

------
clsdaniel
Long ago I installed a small server for a university project that ran on linux
(slackware with many customizations), at the time configuring postfix,
dovecot, exim, etc. was a pain and probably not worth my time for what it was
used so we decided to go with Hula which at the time looked promising, was
dead simple to get working and fairly performant given the low end spec of the
server (P4 1.8Ghz, 256mb RAM).

Later on Hula struggled badly with Novell, was sold and forked, we tried to
check out the forked version (Bongo I think) but so far the project seemed
dead.

After a while we did a clean setup after failing a distribution upgrade (but
hey 5 years updating without hitch on custom kernel and compiled software), we
moved to debian to lessen maintenance, email was done via
postfix+dovecot+postgresql, which was a hassle (to say the least) to
configure, funny enough this setup did not perform well, looking for a more
consolidated solution we found Apache James, which looked fairly promising
(being under the Apache foundation), the only downside was that it was written
in Java, not that I have anything against it but that is another vm to install
and maintain, we gave it a try and we have been very satisfied with the
results, easy to administrate, very sane defaults, relatively easy
configuration in case of tweaks (having it use our postgresql db for users was
pretty easy compared to postfix/dovecot), it sucks a lot of memory but the
machine overall feels even faster than with the postfix/dovecot stack.

So yeah, while it's nice to have an email stack that follows the Unix
philosophy, it can get very unwieldy for simple setups (while it may shine on
complex setups where flexibility is needed).

------
lgeek
It's funny that I've just switched from Google Apps to my own email server
today. I've used GApps since 2007, but I've been considering moving away for
some time, mostly due to privacy concerns.

It only took me a couple of hours to set up an encrypted VPS with Postfix and
Dovecot, change the DNS and test that everything works ok. I'm somewhat lucky
that I don't get too much spam and Thunderbird does a decent job of filtering
it.

~~~
spindritf
'Encrypted VPS'? You have an encrypted container on it? Have it installed in
an encrypted container? Encrypt all incoming mail?

~~~
lgeek
I run a UML VM with full disk encryption on a larger VPS. I only use it for
email storage and services. MUAs connect using IMAPS and SMTPS.

------
zaa
Install the same in a couple of minutes with <http://www.iredmail.org/>

~~~
alexchamberlain
I don't want all of it though. You shouldn't be running a web server on your
email server for instance.

~~~
zaa
Web server is installed for the web control panel, which can be disabled
afterwards.

I do like step by step guides as they provide a higher level of control, but
after you've performed a setup like that 2-3 times, you start to lean towards
more automated installs as iredmail or custom written scripts. So why maintain
your own scripts when you can start with a ready made package.

~~~
alexchamberlain
And the webmail...

------
2mur
For personal projects I set up Google apps to handle inbound/outbound email
for an admin email. Then postfix on the server in a null client configuration
for outbound email only (eg. no-reply) type registration emails and so forth.

~~~
alexchamberlain
Off topic: I hate noreply email addresses. Why not send it from yourself or
customer services?

~~~
phillmv
The only valid reason I can think of is minimizing PLEASE UNSUBSCRIBE from
your customer service spam filter.

------
trimbo
For receiving email, why would you want to donate your bandwidth costs to
spammers? I understand the desire to use Postfix though, so just use Gmail, or
even Pobox (which has adjustable spam settings), then forward to your own
server with some whitelisting in place. Then at least you've cut your
bandwidth by about 99%.

For sending email, there are some steps for DNS and signing missing here that
can result in your email going to spam with the major ISPs. It looks like he
was going to add Domain Keys in v6 but abandoned it.

------
gog
<http://gogs.info/books/debian-mail/chunked/>

This one was written by me, for Debian Squeeze...

------
corford
I've become a very big fan of www.zarafa.com over the last year or so. It's
open source, modular, works hand in hand with postfix, supports activesync
phones, has a great webmail interface, strong documentation and, best of all,
fully supports Outlook 2010 clients connecting in Exchange mode (if you want
that).

IMHO, it's the best opensource groupware offering out there.

------
ilaksh
In case it helps anyone who is like me and isn't concerned about the most
secure or optimal setup for all aspects of email and just wants the easiest
way to be able to send mail on Ubuntu, what worked for me was this:

sudo apt-get install postfix

Then hit enter a few times to select the defaults.

------
rabidsnail
Whenever I see a tutorial like this I think: "Why isn't this a script?".

