(To avoid a couple separate mails, I merged some of the list replies.
Also, apologies for the delay.)
On 15 Sep 2008, at 06:52, Adam Tauno Williams wrote:
On Sun, 2008-09-14 at 13:59 -0300, Diego Ledesma wrote:
On Fri, Sep 12, 2008 at 6:06 PM, Neil <[EMAIL PROTECTED]> wrote:
I'm currently running a mail server, for my own use, on a VPS
(Postfix+Dovecot+Procmail on Gentoo). I've been toying with the idea of
moving back to a shared host though, mostly because I'm not sure what
level of skill is necessary to really run my own internet facing server,
and if I have that level of skill (I don't really care if my website
gets hacked; but I'd be rather disturbed if all my email suddenly became
public information).
I'm running on a VPS mostly because I wasn't happy with the email
solutions being provided by any other providers, except for a few who
wanted a bulk purchase at a price I couldn't justify. I am a fairly
heavy mail user; but a fairly light user in pretty much all other
services. (I barely get any hits on my websites....)
What are my chances, as a relative newbie? (I've run servers before, but
usually behind a firewall and on a network administered by someone
else.)
Your odds are pretty good assuming you have moderate load.
I have a very light load: at the moment, it's just me on there...
At the moment, I haven't even put a webserver on the VPS because I'm
afraid it will raise the risk profile to my server. =\
Any advice? What are your thoughts on this?
Use a fence. Have an SMTP server between your "real" server and the
Internet that just accepts, processes, and delivers messages to your
"real" server. With virtualization this is much easier these days.
Unfortunately, that's currently unfeasible: while I've idly
entertained fantasies of trying to install a hypervisor on to my VPS
instance, and then running multiple servers from there, I'm not
entirely sure it would work out in practice as it does in theory...
Barring that, I'd need to buy another VPS instance. I've also
considered Postini for that purpose (among others)...
Maybe if I shuffle my mail off to another server/service somewhere,
I'll try nested virtualization. :P
(While I know list etiquette is generally to send your replies to
everyone; I have no objection to off-list replies if you prefer.)
I'm relatively new to mail servers too (running my own for almost a
year now). Before going live I advise you check that your mail server
is not an open relay.
Yep. But configuring an Open Relay gets harder with every version. :)
Default configurations these days are closer and closer to what should
actually be running.
I'll double check. I think my restrictions are sufficiently tight for
that though.
On 15 Sep 2008, at 11:12, mouss wrote:
Adam Tauno Williams wrote:
[snip]
My advice is to avoid all these. Just use a black-list (RBL) and
grey-listing; both are simple, fast, and generate very minimal load.
The hulking monsters like SpamAssassin offer very minimal improvement
over these simpler methods at a very high price in complexity and
performance.
While rejecting as much junk as possible with postfix checks is
good, this doesn't block all junk unless you get too aggressive. I
certainly do favour origin filtering, but there is a place for
content filtering. For example, I don't block large SPs in postfix.
Where's the best (or a good) place to read up on Postfix's checks?
I've read the docs, but I'm still a bit unclear on why I should or
shouldn't use certain ones.
My current config is:
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
I also just a couple days ago installed SpamAssassin (though I haven't
"turned it on", so to speak, yet); and I'm thinking of using that for
now, at first without the Bayesian component. I think my strategy is
going to be to call it for certain (broad) categories of mail from my
procmailrc.
You should also advise the users of your mail server not to publish
their e-mail address.
Disagree, 5,000,000%. This attitude breaks the very point of e-mail -
which is communication. My e-mail address ([EMAIL PROTECTED]) is
*EVERYWHERE* on the Internet, go and google it. With RBL and greylist
I get a pretty low level of SPAM and my e-mail is actually useful since
legitimate people who want to contact me can just do so. Hiding an
address accomplishes nothing and only means legitimate people can't
figure out how to contact you.
You're right with regard to hiding. I get as much spam to my list
address as to other addresses. After all, addresses are also stolen
from address books, ... etc.
That said, using multiple addresses has benefits. For example, it
helps with mail classification. It also helps dealing with false
positives. I can be more aggressive for [EMAIL PROTECTED] than for
my professional address...
Another choice is to have two e-mail address,
one that you normally use and the other that's available for anyone.
Disagree; what a pain-in-the-butt. Most [sane] users will never accept
such a policy; "Again, why can't I just have one e-mail address?"
So it's best to propose as an option, not as a policy. Some users
will like it, others won't. After all, everybody is unique.
Well, the email addresses that get the most traffic now (legitimate
and illegitimate) are Gmail addresses forwarding in to my own mail
server's addresses. (This email address is, in fact, hosted by Google
Apps, and then being bounced in.) So on the up side, I don't see a
whole lot of spam right now. But part of the reason I'm here was I
wanted to stop juggling so many email addresses, and the first step to
that end was to find a mail solution I like. (I don't like Gmail that
much; their IMAP server irks me, and their attitude towards privacy is
also starting to bother me...it started with "Don't be evil.", and now
seems to be at, "Well, no one _really_ expected privacy on the
internet, did they?".)
Running my own mail server has let me do all sorts of fun hacks
(though I probably won't do it forever), like
sender_dependent_relay_maps to route mail back through the Gmail
accounts so it looks like it's coming from the right server (and
completes the backup/history of my mails on Gmail's servers while I'm
messing around with mine)... But as things come together in the long
run (eg. I decommission most of the addresses), this overly
complicated setup will come down.
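
Added example, not part of the original thread: a Python check of the first-match ordering behind the smtpd_recipient_restrictions line quoted above and the open-relay concern raised in the replies. The function names and the "broken" sample are constructed for illustration, and restrictions other than those named in the code (access-table lookups, for instance) are assumed to give no decision.

```python
import re

# Restrictions that stop the relay probe outright.
DECISIVE_REJECT = {"reject_unauth_destination", "reject", "defer"}

def parse_restrictions(main_cf, param="smtpd_recipient_restrictions"):
    """Return the restriction list for `param`. In main.cf a line that starts
    with whitespace continues the previous line; the last definition wins."""
    logical = []
    for raw in main_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    found = []
    for line in logical:
        name, _, value = line.partition("=")
        if name.strip() == param:
            found = [t for t in re.split(r"[,\s]+", value.strip()) if t]
    return found

def relay_check(restrictions):
    """Evaluate the list in order (first decisive result wins) for the
    open-relay probe: client outside mynetworks, no SASL login, recipient in
    a domain this server does not handle. Returns (protected, reason)."""
    for r in restrictions:
        if r in DECISIVE_REJECT:
            return True, "rejected by " + r
        if r == "permit":
            return False, "bare permit precedes reject_unauth_destination"
        # permit_mynetworks / permit_sasl_authenticated never match this
        # probe; anything unmodelled is assumed to give no decision.
    return False, "no reject_unauth_destination in list"

# The config quoted in the thread, continuation line indented for main.cf.
THREAD_CF = """smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
"""
# Constructed misconfiguration: a catch-all permit ahead of the relay check.
BROKEN_CF = """smtpd_recipient_restrictions = permit_mynetworks, permit,
    reject_unauth_destination
"""

if __name__ == "__main__":
    for label, cf in (("thread", THREAD_CF), ("broken", BROKEN_CF)):
        print(label, relay_check(parse_restrictions(cf)))
```

This only reasons about the configuration text; a live relay test from a host outside mynetworks is still the confirmation.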