Slashdot Mirror

← Back to Stories (view on slashdot.org)

Best Way to Handle Email for a Small Domain?

Posted by Cliff on from the looking-for-options dept.

CorkBobbingInTheSeaOfLife asks: "Our company just had its bi-annual email crisis/outage, so my boss wants to try something new -- to give me the 'opportunity' to figure out and implement a better way to host our small domain's email. We've changed hosts a few times, but whether we spend a little money or a lot none have been as reliable as we've liked -- companies fold, get blacklisted by AOL, and so forth. Is there a way to be smart about this, without hiring a dedicated email server pro? Do reliable email hosts actually exist? Should we run 'email appliance' software (such as ClarkConnect or E-Smith) on our own server? I'd appreciate any tips here - hell hath no fury like people without email, and I am very afraid..."

2 of 126 comments (clear)

  1. Simple Answers... by Jhon · · Score: 5, Informative

    Sometimes the "simple" answers are the best. Yes, run your own email server. It doesn't have to be E-Smith, you could run your own flavor of *nix. Set up Mailscanner/SpamAssassin/[Generic Virus Scanner] and your users will be fairly safe and happy.

    You can also set up something like OpenWebMail and allow them to access email from the web. Even via HTTPS, if you like.

    Further, if you have an INTERNET outage, your people IN OFFICE will still have access to their email accounts. That translates as no immidate "I cant access my email" whines. And if ARIN.net lists your company (or you) as the authority, you can PERSONALLY deal with any major ISP to resolve blacklistings. I've had RoadRunner, AOL and ATTWORLDNET blacklist a series of IPs within which our email server happens to reside -- each of those were resolved within 24 hours.

    Important Notes:

    Be sure (PRACTICE!) that you know how to back up and restore your system.

    Unless they NEED shell access, point all users to /bin/false.

    Shut off EVERY service you do not NEED.

    Cheap/Easy IDS: Personally, I like portsentry + SSH on non-standard ports. Your system would need to be scanned to find your SSH server... and portsentry would ban IPs trying to scan. It's not 100%, but will keep out the script kiddies.

    1. Re:Simple Answers... by Jhon · · Score: 4, Insightful

      Your points are valid, but for a small domain, running their own email server can be pretty appealing.

      Most of the problems associated with an outage (power or network) can be handled with an MX backup service. It wont save you from a natural disaster that takes out your business, but it'll handle the 24-hour power failures...