Slashdot Mirror


Best Way to Handle Email for a Small Domain?

CorkBobbingInTheSeaOfLife asks: "Our company just had its bi-annual email crisis/outage, so my boss wants to try something new -- to give me the 'opportunity' to figure out and implement a better way to host our small domain's email. We've changed hosts a few times, but whether we spend a little money or a lot none have been as reliable as we've liked -- companies fold, get blacklisted by AOL, and so forth. Is there a way to be smart about this, without hiring a dedicated email server pro? Do reliable email hosts actually exist? Should we run 'email appliance' software (such as ClarkConnect or E-Smith) on our own server? I'd appreciate any tips here - hell hath no fury like people without email, and I am very afraid..."

13 of 126 comments

  1. Simple Answers... by Jhon · · Score: 5, Informative

    Sometimes the "simple" answers are the best. Yes, run your own email server. It doesn't have to be E-Smith, you could run your own flavor of *nix. Set up Mailscanner/SpamAssassin/[Generic Virus Scanner] and your users will be fairly safe and happy.

    You can also set up something like OpenWebMail and allow them to access email from the web. Even via HTTPS, if you like.

    Further, if you have an INTERNET outage, your people IN OFFICE will still have access to their email accounts. That translates as no immediate "I can't access my email" whines. And if ARIN.net lists your company (or you) as the authority, you can PERSONALLY deal with any major ISP to resolve blacklistings. I've had RoadRunner, AOL and ATTWORLDNET blacklist a series of IPs within which our email server happens to reside -- each of those were resolved within 24 hours.

    Important Notes:

    Be sure (PRACTICE!) that you know how to back up and restore your system.

    Unless they NEED shell access, point all users to /bin/false.

    Shut off EVERY service you do not NEED.

    Cheap/Easy IDS: Personally, I like portsentry + SSH on non-standard ports. Your system would need to be scanned to find your SSH server... and portsentry would ban IPs trying to scan. It's not 100%, but will keep out the script kiddies.

    1. Re:Simple Answers... by hackstraw · · Score: 2, Informative

      Your points are valid, but for a small domain, running their own email server can be pretty appealing.

      Most of the problems associated with an outage (power or network) can be handled with an MX backup service. It won't save you from a natural disaster that takes out your business, but it'll handle the 24-hour power failures...


      Most companies don't work in the dark and without power. If this one does, they most likely have backup power of some kind as well, so if email is that important even when the power is out, odds are they will still be able to power a mail server and some network gear.

      If they are not operating when the power is out, every mail system I've worked with will keep retrying a down server for 5 days or so. Email is pretty robust. You might lose some spam from zombied machines that directly connect to your mail server for a few days, but I hope that is not part of their business agenda.

    2. Re:Simple Answers... by Trepalium · · Score: 2, Informative
      SpamAssassin still works fine for backup MX delivered mail, provided you set the trusted hosts up correctly in the configuration file. What really breaks with this is RBL spam filtering that tests based on the incoming IP, or greylisting. SA's spam tests are performed on the headers, so the actual originating host is less important.

      Another problem with using backup MXs is the extra traffic generated by bounces for invalid recipients. Some poorly implemented RBL services have been known to blacklist you for bouncing spam or viruses.

      --
      I used up all my sick days, so I'm calling in dead.
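
Added example, not part of the comment above and not SpamAssassin's own code: a simplified Python model of why an IP-based blocklist check needs the backup MX listed as a trusted host. The Received lines, host names and addresses are constructed (documentation ranges), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: Received headers, newest first, for a message that
# reached the primary server through a backup MX. Hosts and IPs are made up.
SAMPLE_RECEIVED = [
    "from mx2.example.net (mx2.example.net [192.0.2.25]) by mail.example.com with ESMTP",
    "from dsl-host.example.org (unknown [203.0.113.77]) by mx2.example.net with SMTP",
    "from forged.invalid (localhost [198.51.100.9]) by dsl-host.example.org with SMTP",
]

_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received_headers):
    """Return the bracketed client IP of each Received header, newest first."""
    ips = []
    for header in received_headers:
        match = _BRACKETED_IP.search(header)
        if match:
            try:
                ips.append(ipaddress.ip_address(match.group(1)))
            except ValueError:
                continue  # malformed address such as [999.1.1.1]
    return ips


def ip_to_check(received_headers, trusted_networks=()):
    """Pick the address an IP-based blocklist lookup should use.

    Walk the relay chain from the newest hop and skip every hop that is one
    of our own trusted relays. The first hop outside that set is the host
    that handed the message to our infrastructure; headers below it were
    written by machines we do not control and are not believed.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for ip in relay_ips(received_headers):
        if not any(ip in net for net in nets):
            return str(ip)
    return None  # every hop was trusted: locally generated mail


if __name__ == "__main__":
    # No trusted hosts configured: the lookup lands on the backup MX itself.
    print("no trusted hosts :", ip_to_check(SAMPLE_RECEIVED))
    # Backup MX trusted: the lookup lands on the host that connected to it.
    print("backup MX trusted:", ip_to_check(SAMPLE_RECEIVED, ["192.0.2.25/32"]))
```
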
  2. DreamHost by avalys · · Score: 1, Informative

    We use DreamHost for our web and email hosting. They're cheap, the plans offer lots of space, functionality, and bandwidth, and we haven't had any problems with email or web downtime in the three years we've been with them.

    --
    This space intentionally left blank.
    1. Re:DreamHost by Anonymous Coward · · Score: 2, Informative

      Or you can just use http://www.dreamhost.com/ so the above person doesn't make like a hundred bucks off of you.

    2. Re:DreamHost by Bob+Wehadababyitsabo · · Score: 3, Informative

      I second this. I've been w/ them since 1999, and have only suffered about 48 hours of downtime in those 6 years. That's not 9 9's of reliability (actually it's 3 :-), but I don't think you will find a better host for the price.

      --
      fsck -u
  3. What about Microsoft Exchange? by ka9dgx · · Score: 3, Informative
    At the risk of burning a hole through my asbestos firewall: Have you considered Microsoft Exchange and Outlook? It has a very rich feature, can be accessed via a Web form, and Microsoft makes things pretty darn easy to administer.

    There are other requirements for any mail solution you'll ignore at your peril:

    • Backups - Make them and test them
    • Virus Scanner - Even a Linux house needs to worry about Macro Virii, etc.
    • Spam Filter - Sometimes comes with the virus scanner
    • Firewall - You need one anyway, make sure it's not based on the same OS as your server
    • Data center environment, such as cooling, conditioned power, physical security are all good things to have
    • Backups - Make some more, test them again
    --Mike--
    1. Re:What about Microsoft Exchange? by 99BottlesOfBeerInMyF · · Score: 2, Informative

      Have you considered Microsoft Exchange and Outlook? It has a very rich feature, can be accessed via a Web form, and Microsoft makes things pretty darn easy to administer.

      Please tell that to my sysadmin. We've had two major failures in the last two weeks, both with some data loss and both resulting in messages being silently dropped for a period of time. Add to that a very poorly designed web interface, and being locked into a small subset of mail clients, some of which only implement a limited subset of the features, and very, very shoddy support for non-Windows OSes. We're still running Exchange servers for some users but most everyone in engineering transitioned over to our parallel deployment of IMAP servers.

      The rest of your comments are spot on though. Also, don't forget to keep careful track of the logs for the webmail and be careful about the spam filtering for inexperienced users. Overly strict spam filtering has lost many a sale. Don't forget to have a mandatory informational meeting about not opening suspicious attachments and phishing too. Eventually a virus or phishing e-mail will get to your users so make sure they know what to do about it.

    2. Re:What about Microsoft Exchange? by Anonymous Coward · · Score: 1, Informative

      Tell me about winmail.dat files and then tell me again how easy it is to administer.

  4. Move on. by Saeed+al-Sahaf · · Score: 2, Informative

    What's wrong with the above person making a commission? Well, absolutely nothing. You make it sound like telemarketing or something, when it's not even in the same ballpark. It's not like the end user gets a lower price. There is nothing ethically wrong with affiliate programs. Move on, spend your time grousing about things that matter.

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  5. Courier MTA by psicat · · Score: 2, Informative

    I would suggest RedHat or CentOS running CourierMTA http://www.courier-mta.org/.

    The standard Courier bundle has everything you need for a mail server (web administration, webmail, imap4, pop3, TLS/SSL, filtering, mail lists, fax support, etc...). If desired, all you need to add is SpamAssassin and a virus scanner. I have been running this combo for years with great results.

    -Nathan

  6. Re:Balancing the Cost/Benefit by FooAtWFU · · Score: 2, Informative
    Webmail already solved for you

    As opposed to the ever-so-tedious process of installing, say, SquirrelMail? I mean, it's not like it comes with major operating systems like Fedora or anything...

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
  7. Advice by dodobh · · Score: 3, Informative

    Disclaimer: I work for a _very_ large email hosting company. If you have less than a few thousand users, don't even think about hosting with us.

    Your choices will depend on budget and administrative flexibility.

    1> Outsourced hosting: This is probably the easiest and cheapest method available. However, it is also likely that if your hoster is primarily a webhost, you will be hurt by someone else putting up bad scripts or software on the same box.
    Going with companies dedicated to hosting email is probably a better choice.

    2> Running your own server colocated in a datacentre: This gives you full control on the box, and attendant responsibility. If you choose your hosting company properly, you will find that you can email almost anywhere. (There _are_ people who will block even large hosts with very little justification).

    3> Do it inhouse: You need minimal business class connectivity (permission to run servers, static IP and proper reverse DNS). Hire someone to set up the box for you, or use an appliance. Using a non appliance box gives you more flexibility, but some more responsibility as well.

    What you need to do is decide on
    a) What OS/distribution to use.
    b) Which MTA to use
    c) Which IMAP server to use.

    I would go with a well supported Linux distribution (RedHat/SuSE for the commercial, Debian for free) or a FreeBSD 4.x box. My personal MTA of choice is Postfix, with Courier-IMAP doing POP3 and IMAP with webmail served by Squirrelmail.

    If you _need_ a web based UI for management, use Webmin.

    For spam filtering, SpamAssassin and Clamav for the antivirus. Wrap both these with amavisd-new.

    The documentation for all these products is excellent, and plugging stuff in is trivial.

    Your (Free) alternatives for MTA are: Exim, Qmail, Sendmail.
    For the IMAP server: Cyrus, Dovecot and UW-IMAP.

    Some people here recommend a backup MX. I would suggest avoiding the backup MX, since mail is queued for 5 days normally. If you have downtime > 5 days, you have bigger problems.

    The cost of doing this inhouse would be in terms of the time you spend in updating packages and reading the documentation.

    --
    I can throw myself at the ground, and miss.