> On 29. Sep 2018, at 23:58, John R. Dennison <jrd at gerdesas.com> wrote: > > Save yourself the effort, time, headaches and eventual bloody tears of impotent > rage and just go with Google or some other provider. Running a mail > server properly is one of the more difficult tasks and quite often not > worth the time and trouble, especially if one is asking about it on a > list such as this.I fully agree with most of the former, except for the Google part. Google is to privacy what a shark pool is to a carp. If possible, avoid Google at all cost, and particularly for E-Mail. There are services around that cost a very small amount of money (e.g. mailbox.org or posteo.de), provide a very reasonable service and do *not* peek into your mail for advertisement targets and sell your data to their customers. If you want to run your own mail server (there are good reasons to do so, I've been running my own services for many years now) be prepared for a learning curve, as mail is not as simple and straightforward as it looks. You should also run your own DNS in that case, as many modern features of secure mail services are tightly linked to DNS (e.g. SPF, DKIM, DMARC etc.). DNSsec is preferred. There are some good books around (e.g. the Postfix/Dovecot books by Peer Heinlein, who incidentally is the owner of the mailbox.org service, but the Postfix book only seems to be available in German). Without a good foundation on running mail servers and/or some help from experienced mail server operators you're almost certain to screw up big time, which in most cases means ending up on some blacklists or having mail delivered very unreliably. As for the software question, I recommend the Postfix/Dovecot setup, enriched with some additional components to support graylisting, virus checking, spam filtering, DKIM, DMARC and SPF. Pete.
I would repeat my opinion that Sendmail and similar servers are not for easy to install and use. here is the link to Surgemail: https://netwinsite.com/cgi-bin/keycgi.exe?cmd=download&product=surgemail& I'm not promoting but simply years of good work. Mikhail Utin ________________________________ From: CentOS <centos-bounces at centos.org> on behalf of Peter Eckel <lists at eckel-edv.de> Sent: Monday, October 1, 2018 11:37 To: CentOS mailing list Subject: Re: [CentOS] email Server for CentOS 7> On 29. Sep 2018, at 23:58, John R. Dennison <jrd at gerdesas.com> wrote: > > Save yourself the effort, time, headaches and eventual bloody tears of impotent > rage and just go with Google or some other provider. Running a mail > server properly is one of the more difficult tasks and quite often not > worth the time and trouble, especially if one is asking about it on a > list such as this.I fully agree with most of the former, except for the Google part. Google is to privacy what a shark pool is to a carp. If possible, avoid Google at all cost, and particularly for E-Mail. There are services around that cost a very small amount of money (e.g. mailbox.org or posteo.de), provide a very reasonable service and do *not* peek into your mail for advertisement targets and sell your data to their customers. If you want to run your own mail server (there are good reasons to do so, I've been running my own services for many years now) be prepared for a learning curve, as mail is not as simple and straightforward as it looks. You should also run your own DNS in that case, as many modern features of secure mail services are tightly linked to DNS (e.g. SPF, DKIM, DMARC etc.). DNSsec is preferred. There are some good books around (e.g. the Postfix/Dovecot books by Peer Heinlein, who incidentally is the owner of the mailbox.org service, but the Postfix book only seems to be available in German). Without a good foundation on running mail servers and/or some help from experienced mail server operators you're almost certain to screw up big time, which in most cases means ending up on some blacklists or having mail delivered very unreliably. As for the software question, I recommend the Postfix/Dovecot setup, enriched with some additional components to support graylisting, virus checking, spam filtering, DKIM, DMARC and SPF. Pete. _______________________________________________ CentOS mailing list CentOS at centos.org https://lists.centos.org/mailman/listinfo/centos
--On Monday, October 01, 2018 6:37 PM +0200 Peter Eckel <lists at eckel-edv.de> wrote:> I fully agree with most of the former, except for the Google part. Google > is to privacy what a shark pool is to a carp. If possible, avoid Google > at all cost, and particularly for E-Mail. There are services around that > cost a very small amount of money (e.g. mailbox.org or posteo.de), > provide a very reasonable service and do *not* peek into your mail for > advertisement targets and sell your data to their customers.Fastmail looks attractive to me as it's IMAP-friendly. I run my own server but I'm recommending to my family that they move their accounts there if I "get hit by a bus". <https://en.wikipedia.org/wiki/FastMail> I mostly run my own server because it's easy to create an infinite number of disposable "plussed" addresses as website login names. I've got a sendmail rule that lets me use a dot instead of a plus sign in such addresses to get around the websites that refuse a plus sign in an address. <http://mozilla.wikia.com/wiki/User:Me_at_work/plushaters>> You should also run your own DNS in that case, as many modern features of > secure mail services are tightly linked to DNS (e.g. SPF, DKIM, DMARC > etc.). DNSsec is preferred.This can be split. I let my hosting provider host my public domain name on their DNS servers. But I run a caching nameserver on my mail server to do the various lookups it requires. A forwarding nameserver for blacklist lookups is NOT recommended because of the way the various DNS-based blacklisting databases license their service.
On Mon, Oct 01, 2018 at 09:54:01AM -0700, Kenneth Porter wrote:> --On Monday, October 01, 2018 6:37 PM +0200 Peter Eckel <lists at eckel-edv.de> > wrote: > > > I fully agree with most of the former, except for the Google part. Google > > is to privacy what a shark pool is to a carp. If possible, avoid Google > > at all cost, and particularly for E-Mail. There are services around that > > cost a very small amount of money (e.g. mailbox.org or posteo.de), > > provide a very reasonable service and do *not* peek into your mail for > > advertisement targets and sell your data to their customers. > > Fastmail looks attractive to me as it's IMAP-friendly. I run my own server > but I'm recommending to my family that they move their accounts there if I > "get hit by a bus".We migrated over 100 users to fastmail with almost no complaints. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
Thank you for the input. And to the others as well. I hate this type of chase where it seems never-ending, for a technology I can?t stand. Managing my current solution has been a problem for ages. I?m not getting any younger. Maybe hosting is the best solution, and I do agree with you about Google. I don?t trust them as far as I can spit.> On Oct 1, 2018, at 11:37 AM, Peter Eckel <lists at eckel-edv.de> wrote: > > I fully agree with most of the former, except for the Google part. Google is to privacy what a shark pool is to a carp. If possible, avoid Google at all cost, and particularly for E-Mail. There are services around that cost a very small amount of money (e.g. mailbox.org or posteo.de), provide a very reasonable service and do *not* peek into your mail for advertisement targets and sell your data to their customers. > > If you want to run your own mail server (there are good reasons to do so, I've been running my own services for many years now) be prepared for a learning curve, as mail is not as simple and straightforward as it looks. You should also run your own DNS in that case, as many modern features of secure mail services are tightly linked to DNS (e.g. SPF, DKIM, DMARC etc.). DNSsec is preferred. > > There are some good books around (e.g. the Postfix/Dovecot books by Peer Heinlein, who incidentally is the owner of the mailbox.org service, but the Postfix book only seems to be available in German). Without a good foundation on running mail servers and/or some help from experienced mail server operators you're almost certain to screw up big time, which in most cases means ending up on some blacklists or having mail delivered very unreliably. > > As for the software question, I recommend the Postfix/Dovecot setup, enriched with some additional components to support graylisting, virus checking, spam filtering, DKIM, DMARC and SPF.Cheers, Bee
Am 01.10.2018 um 17:37 schrieb Peter Eckel <lists at eckel-edv.de>: ...> If you want to run your own mail server (there are good reasons to do so, I've been running my own services for many years now) be prepared for a learning curve, as mail is not as simple and straightforward as it looks. You should also run your own DNS in that case, as many modern features of secure mail services are tightly linked to DNS (e.g. SPF, DKIM, DMARC etc.). DNSsec is preferred.... and for the sake of completeness; another acronym MTA-STS, a new additional standard https://tools.ietf.org/html/rfc8461 -- LF
> Am 01.10.2018 um 18:54 schrieb Kenneth Porter <shiva at sewingwitch.com>: > > --On Monday, October 01, 2018 6:37 PM +0200 Peter Eckel <lists at eckel-edv.de> wrote: > >> I fully agree with most of the former, except for the Google part. Google >> is to privacy what a shark pool is to a carp. If possible, avoid Google >> at all cost, and particularly for E-Mail. There are services around that >> cost a very small amount of money (e.g. mailbox.org or posteo.de), >> provide a very reasonable service and do *not* peek into your mail for >> advertisement targets and sell your data to their customers. > > Fastmail looks attractive to me as it's IMAP-friendly. I run my own server but I'm recommending to my family that they move their accounts there if I "get hit by a bus". > > <https://en.wikipedia.org/wiki/FastMail> > > I mostly run my own server because it's easy to create an infinite number of disposable "plussed" addresses as website login names. I've got a sendmail rule that lets me use a dot instead of a plus sign in such addresses to get around the websites that refuse a plus sign in an address. > > <http://mozilla.wikia.com/wiki/User:Me_at_work/plushaters> > >> You should also run your own DNS in that case, as many modern features of >> secure mail services are tightly linked to DNS (e.g. SPF, DKIM, DMARC >> etc.). DNSsec is preferred. > > This can be split. I let my hosting provider host my public domain name on their DNS servers. But I run a caching nameserver on my mail server to do the various lookups it requires. A forwarding nameserver for blacklist lookups is NOT recommended because of the way the various DNS-based blacklisting databases license their service. >I run my own mail-server on FreeBSD and qmail (setup mostly using a script from Matt Simerson: https://github.com/msimerson/Mail-Toaster-6). I need to re-do it at some point. I?m always debating moving to Zimbra (OpenSource Edition, or Zimbra Suite). If I wouldn?t run my own, I?d probably switch to Protonmail. Fastmail is also an option. DNS (authority) is best run at your hosting-provider or even at a specialized DNS provider, depending on requirements. Everything else is just asking for trouble.