Neil wrote:
Unfortunately, that's currently unfeasible: while I've idly entertained fantasies of trying to install a hypervisor onto my VPS instance, and then running multiple servers from there, I'm not entirely sure it would work out in practice as it does in theory... Barring that, I'd need to buy another VPS instance. I've also considered Postini for that purpose (among others)...

Maybe if I shuffle my mail off to another server/service somewhere, I'll try nested virtualization. :P


you don't need virtualization. The suggestion was just because you asked how to minimize risk. a dedicated server is always better than virtual machines. but you can run a mail server and a web server on the same machine if you do that carefully.



Where's the best (or a good) place to read up on Postfix's checks? I've read the docs, but I'm still a bit unclear on why I should or shouldn't use certain ones.

you can start with the docs available on the Postfix site. you can also get a copy of the Book of Postfix. Ralf and Patrick have done a great job.


My current config is:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination


you can at least add (after reject_unauth_destination)
        # reject unknown addresses before querying dnsbls
        reject_unlisted_recipient
        reject_unlisted_sender
        # zen catches a lot of junk sources
        reject_rbl_client zen.spamhaus.org


you can use reject_invalid_helo_hostname. depending on your mail, you can also reject_non_fqdn_helo_hostname (but this will catch mail from misconfigured sites). you can use check_helo_access with a map to reject forged helo (when they use your own domain or IP).

I also just a couple days ago installed SpamAssassin (though I haven't "turned it on", so to speak, yet); and I'm thinking of using that for now, at first without the Bayesian component. I think my strategy is going to be to call it for certain (broad) categories of mail from my procmailrc.


install amavisd-new and use it to run SA and clamav. enable Bayes in SA even if you don't train it. SA has an auto-learn functionality. use sa-update with selected channel (in particular JM SOUGHT rules).
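
The HELO checks and recipient restrictions suggested in this message, put together as an added example that is not part of the original message. example.com, 192.0.2.25, the /etc/postfix/helo_access path and the reject texts are placeholders for your own domain, IP and wording.

```conf
# ---- /etc/postfix/main.cf (fragment) ----

# Clients must send HELO/EHLO, otherwise the HELO checks never apply.
smtpd_helo_required = yes

smtpd_helo_restrictions =
        # own hosts and authenticated users are exempt from the HELO checks
        permit_mynetworks,
        permit_sasl_authenticated,
        # reject syntactically malformed HELO names
        reject_invalid_helo_hostname,
        # optional: will also catch mail from misconfigured sites
        # reject_non_fqdn_helo_hostname,
        # reject outside clients that claim to be this server
        check_helo_access hash:/etc/postfix/helo_access

smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        # reject unknown addresses before querying dnsbls
        reject_unlisted_recipient,
        reject_unlisted_sender,
        # zen catches a lot of junk sources
        reject_rbl_client zen.spamhaus.org

# ---- /etc/postfix/helo_access ----
# Placeholder entries: replace with your own domain and public IP.
# Rebuild the lookup table after every edit:
#   postmap /etc/postfix/helo_access
example.com     REJECT forged HELO: you are not this host
192.0.2.25      REJECT forged HELO: you are not this host
```

Because permit_mynetworks and permit_sasl_authenticated come first in smtpd_helo_restrictions, your own machines and authenticated clients can still announce the local domain; only outside clients reach the access map.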
