Slashdot Mirror
Best Way to Handle Email for a Small Domain?
CorkBobbingInTheSeaOfLife asks: "Our company just had its bi-annual email crisis/outage, so my boss wants to try something new -- to give me the 'opportunity' to figure out and implement a better way to host our small domain's email. We've changed hosts a few times, but whether we spend a little money or a lot none have been as reliable as we've liked -- companies fold, get blacklisted by AOL, and so forth. Is there a way to be smart about this, without hiring a dedicated email server pro? Do reliable email hosts actually exist? Should we run 'email appliance' software (such as ClarkConnect or E-Smith) on our own server? I'd appreciate any tips here - hell hath no fury like people without email, and I am very afraid..."
Sometimes the "simple" answers are the best. Yes, run your own email server. It doesn't have to be E-Smith, you could run your own flavor of *nix. Set up Mailscanner/SpamAssassin/[Generic Virus Scanner] and your users will be fairly safe and happy.
/bin/false.
You can also set up something like OpenWebMail and allow them to access email from the web. Even via HTTPS, if you like.
Further, if you have an INTERNET outage, your people IN OFFICE will still have access to their email accounts. That translates as no immidate "I cant access my email" whines. And if ARIN.net lists your company (or you) as the authority, you can PERSONALLY deal with any major ISP to resolve blacklistings. I've had RoadRunner, AOL and ATTWORLDNET blacklist a series of IPs within which our email server happens to reside -- each of those were resolved within 24 hours.
Important Notes:
Be sure (PRACTICE!) that you know how to back up and restore your system.
Unless they NEED shell access, point all users to
Shut off EVERY service you do not NEED.
Cheap/Easy IDS: Personally, I like portsentry + SSH on non-standard ports. Your system would need to be scanned to find your SSH server... and portsentry would ban IPs trying to scan. It's not 100%, but will keep out the script kiddies.
I second this. I've been w/ them since 1999, and have only suffered about 48 hours of downtime in those 6 years. That's not 9 9's of reliability (actually it's 3 :-), but I don't think you will find a better host for the price.
fsck -u
There are other requirements for any mail solution you'll ignore at your peril:
- Backups - Make them and test them
- Virus Scanner - Even a Linux house needs to worry about Macro Virii, etc.
- Spam Filter - Sometimes comes with the virus scanner
- Firewall - You need one anyway, make sure it's not based on the same OS as your server
- Data center environment, such as cooling, conditioned power, physical security are all good things to have
- Backups - Make some more, test them again
--Mike--As outlined in earlier posts, you have quite a few options when it comes to email service.
You can have it hosted. This is probably the easiest option. It sounds like you've had some bad experiences with this, and may be wary of it. You will have the best luck going with larger, more established hosts that embrace modern technology and have a strong, well documented, and well enforced AUP (that bans all kinds of spamming).
The second option has also been mentioned. Run a small Unix-based email service out of your office. This is probably the cheapest option, and depending on whom you compare it to, day-to-day management and troubleshooting can be quicker than a hosted service.
The third option is going to be an unpopular one with the Slashdot crowd (and in some cases, understandably so). Check out Microsoft Exchange (try the one bundled with Small Business Server). There are other groupware applications out there, and some (like Novell/SUSE's OpenExchange) are worth consideration...but nothing is Exchange. If you're already a Microsoft shop, you should definitely consider it as it integrates well with the MSFT software that you already have. Of course, it's budget dependant (and is an expensive platform to use). In your case with a small shop and limited experience, I would have a third party come in and set it up for you, and sign up for a service contract.
For an end user (especially management types), Exchange has every feature under the sun. It would help if you identified your goals (specifically budget and featureset desired) and then decide on what product is best for you. However, I would advise you to leave no option off the table, even if you have personal issues with the software. Also, all of these options are available as hosted solutions. However, it's important to weigh out both the benefits and drawbacks to hosting. Benefits are relatively obvious, and some drawbacks are that you lose control over your service, and certain quick tasks (like a password change) can take hours or even a full day for them to get around to.
-Turkey
Look into what Apple has to offer. Mac OS X Server looks very nice. It will run on anything from an old iMac to a Xserve G5. It features spam filtering, web mail, anti-virus, and encrypted connections.
I haven't used Apple's server products since the days of Mac OS 9. I'm just a fan of their products.
I am armed because I am free. I am free because I am armed.
So you're unhappy with 99.5% uptime.
(assuming that those two outages per year are for a full 24 hours...)
So you're not going to be happy with a solution that involves having someone else do it...
There is no such thing as 100% uptime.
While better than 99.9% uptime hosting does exist,
you're not likely to find one without doing a lot of work, and even then there will still be outages.
There isn't an ISP in existance that will both let a random company do email, and not be on some blacklist somewhere.
Best advice I can offer is to tell your boss that despite the problems you've had with [best service provider to date], there aren't any better solutions available, and you recommend living with the problems, rather than dealing with a whole new set of problems.
Anything else would set you up as the fall guy when email breaks in the future.
-- Should you believe authority without question?
If you go with Dreamhost be aware of the following things:
They WILL NOT get back to you with a service problem within the same work day, unless every site they are hosting is having problems. There is no way to contact them by phone, unless you email them and request them to call you at a certain time, but that certain time always has to be the next day for them to actually call you.
I have had email go out 4 times in the past year. Each time it was only down for 1-2 hours. However, not only was mail not received, but the mail BOUNCED. Not only was I dealing with people in the company not getting email, I was getting email from users trying to contact people at our company wondering why mail to our company is bouncing. After each of these occurances I asked them what happened and if it was corrected. They actually would tell me they don't know what caused it, and they don't know how they fixed it.
Very frustrating, since It keeps happening. The only good news is, when this problem occurs many sites are affected, so they resolve it within a few hours.
Another issue is that to create a new email or user account you have to use their web interface, and the lag time between when you hit submit on the website and when the user can get mail has been 5-6 hours for the past several months. It still says the delay is only 2 hours on the website, but it is incorrect.
There are many many other small things that annoy me, I was thinking about moving the company site and email off dreamhost, but I got a new position where I do not have any responsibility for this stuff.
It is VERY frustrating. I would 100% recommend Dreamhost for a personal server due to their cheap price and good features. However, for a commercial business it is VERY frustrating having noone to deal with for several hours when things go wrong.
Disclaimer: I work for a _very_ large email hosting company. If you have less than a few thousand users, don't even think about hosting with us.
Your choices will depend on budget and administrative flexibility.
1> Outsourced hosting: This is probably the easiest and cheapest method available. However, it is also likely that if your hoster is primarily a webhost, you will be hurt by someone else putting up bad scripts or software on the same box.
Going with companies dedicated to hosting email is probably a better choice.
2> Running your own server colocated in a datacentre: This gives you full control on the box, and attendant responsibility. If you choose your hosting company properly, you will find that you can email almost anywhere. (There _are_ people who will block even large hosts with very little justification).
3> Do it inhouse: You need minimal business class connectivity (permission to run servers, static IP and proper reverse DNS). Hire someone to setup the box for you, or use an appliance. Using a non appliance box gives you more flexibility, but some more responsibility as well.
What you need to do is decide on
a) What OS/distribution to use.
b) Which MTA to use
c) Which IMAP server to use.
I would go with a well supported Linux distribution (RedHat/SuSE for the commercial, Debian for free) or a FreeBSD 4.x box. My personal MTA of choice is Postfix, with Courier-IMAP doing POP3 and IMAP with webmail served by Squirrelmail.
If you _need_ a web based UI for management, use Webmin.
For spam filtering, SpamAssassin and Clamav for the antivirus. Wrap both these with amavisd-new.
The documentation for all these products is excellent, and plugging stuff in is trivial.
Your (Free) alternatives for MTA are: Exim, Qmail, Sendmail.
For the IMAP server: Cyrus, Dovecot and UW-IMAP.
Some people here recommend a backup MX. I would suggest avoiding the backup MX, since mail is queued for 5 days normally. If you have downtime > 5 days, you have bigger problems.
The cost of doing this inhouse would be in terms of the time you spend in updating packages and reading the documentation.
I can throw myself at the ground, and miss.