dovecot - Oct 2020 - Looking for a guide to collect all e-mail from the ISP mail server

>> why not just point them at a hosting service like google apps, and let
google keep things up to date?

Costs money, and also the problem is that gmail imposes heavy spam filters
and "reputation blocks" meaning smaller providers with low email
volumes,
are put in the spam folder, even if they never send spam, just because their
email volume is so low (ergo, they must prove they don't spam before getting
out of ispam folder)

Another thing is that you cannot impose IP restrictions when using Google
Apps, or have SSO with trusted access from inside the office. (for example -
scan your badge at the office door, your personal computer is automatically
logged on and you get access to everything).

With locally hosted servers, of course you have to keep them updated. Most
linux distributions can keep them updated automatically.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5715 bytes
Desc: S/MIME Cryptographic Signature
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20201026/3026ce11/attachment-0001.p7s>

At 26 October, 2020 Sebastian Nielsen wrote:
> 
> >> why not just point them at a hosting service like google apps, and
let
> google keep things up to date?
Oh they most certainly do :)
> Costs money, and also the problem is that gmail imposes heavy spam filters
> and "reputation blocks" meaning smaller providers with low email
volumes,
> are put in the spam folder, even if they never send spam, just because
their
> email volume is so low (ergo, they must prove they don't spam before
getting
> out of ispam folder)
OP is trying to come up with a solution to handle transactional email
within members of the office and some vendors/clients, not bulk email
like you're describing.  As for "costs money", well everything in
life
does.  You can't get a branch office's email system setup for free.
> Another thing is that you cannot impose IP restrictions when using Google
> Apps, or have SSO with trusted access from inside the office. (for example
-
> scan your badge at the office door, your personal computer is automatically
> logged on and you get access to everything).
Eh, sure -- I suppose if the country you're operating in doesn't have
open communications with google (
https://transparencyreport.google.com/traffic/overview ) then yeah,
you're gonna have a hard time.  But this seems like a stretch for an
argument against using a hosting provider.
> With locally hosted servers, of course you have to keep them updated. Most
> linux distributions can keep them updated automatically.
My question was directed at OP as it sounded like they were coming in to
set something up once then moving on in life.  I wouldn't say that _any_
major linux distro updates automatically.  Rolling OS distros like arch
are constantly getting wedged and requiring a bit of manual attention to
nudge things along.  Distros like fedora can sorta kinda run with a `dnf
upgrade` happening in a cron if you like to... I guess.  Maybe something
like RHEL can be set and forgotten, but if you're paying for a RHEL
license then you're likely not going to abandon the host.

> and also the problem is that gmail imposes heavy spam filters and 
"reputation blocks" 
> meaning smaller providers with low email volumes, are put in the spam 
folder, even if
> they never send spam, just because their email volume is so low (ergo, 
they must 
> prove they don't spam before getting out of ispam folder)
How do you know that?

Because when I email to friends that are using gmail, my mail ends up in
spam unless  my friends put me in whitelist. Seems to vary however, and
seems to get better with time.

-----Ursprungligt meddelande-----
Fr?n: dovecot-bounces at dovecot.org <dovecot-bounces at dovecot.org> F?r
Marc
Roos
Skickat: den 26 oktober 2020 09:07
Till: dovecot <dovecot at dovecot.org>; sebastian <sebastian at
sebbe.eu>
?mne: RE: SV: Looking for a guide to collect all e-mail from the ISP mail
server


> and also the problem is that gmail imposes heavy spam filters and 
"reputation blocks" 
> meaning smaller providers with low email volumes, are put in the spam 
folder, even if
> they never send spam, just because their email volume is so low (ergo, 
they must 
> prove they don't spam before getting out of ispam folder)
How do you know that? 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5715 bytes
Desc: S/MIME Cryptographic Signature
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20201026/b29f8017/attachment-0001.p7s>

I have no problems with Gmail from Digital Ocean. But I have both spf, DKIM,
DMARC and a reverse pointer. You need to not look spammy.

One advantage to using a VPS is your IP is unique. That is you don't share
it with a spammer. Not so with hosted services.





	? Original Message ?	


From: M.Roos at f1-outsourcing.eu
Sent: October 26, 2020 1:06 AM
To: dovecot at dovecot.org; sebastian at sebbe.eu
Subject: RE: SV: Looking for a guide to collect all e-mail from the ISP mail
server



> and also the problem is that gmail imposes heavy spam filters and
"reputation blocks"
> meaning smaller providers with low email volumes, are put in the spam
folder, even if
> they never send spam, just because their email volume is so low (ergo,
they must
> prove they don't spam before getting out of ispam folder)
How do you know that?

On 25 Oct 2020, at 22:51, Sebastian Nielsen <sebastian at sebbe.eu>
wrote:
>>> why not just point them at a hosting service like google apps, and
let
>> google keep things up to date?
> 
> Costs money,
Yes. That is a *good* thing. Running an unmaintained mail server is a BAD thing.
> and also the problem is that gmail imposes heavy spam filters
> and "reputation blocks" meaning smaller providers with low email
volumes,
I think you are confusing gmail and google apps (or whatever it is called now,
seems to change all the time).
> Another thing is that you cannot impose IP restrictions when using Google
> Apps, or have SSO with trusted access from inside the office. (for example
-
> scan your badge at the office door, your personal computer is automatically
> logged on and you get access to everything).
Wow. That sounds sooooooper not secure.
> With locally hosted servers, of course you have to keep them updated. Most
> linux distributions can keep them updated automatically.
You cannot keep a mail server automatically updated, sorry. That is a fantasy.

You can either spend money on someone know knows what they are doing in-house
(more secure, more control, more money), or you can spend money on outsourcing
someone who knows what they are doing (less money). The other option involves a
pair of smoking boots and a crater and I do not recommend it.

-- 
Nothing like grilling a kosher dog over human hair to bring out the
	subtle flavors.

>> Running an unmaintained mail server is a BAD thing.
Of course. You maintain it.
>>I think you are confusing gmail and google apps (or whatever it is
called
now, seems to change all the time).

Google apps uses the same restrictions. What I recall, you can disable SPF
and DKIM checks for trusted sources, but you cannot disable reputation
checks.
>>Wow. That sounds sooooooper not secure.
How? Of course, you must have some sort of secure communication between the
access controller system, and the system that manages logins for the
computers and such. Then when you scan the badge at your personal office
space (where only you have access), the access controller tells the system
to automatically logon the computer.

Another way is to have a RFID card reader where you put the badge to login
computer, and remove badge to logout.
Also a easy and secure system, but requires lots of integration work if you
want to use it with third-party services.

If you have own in-house servers, you can just tell those servers to check
on-the-fly with the access control system if there is a valid card on the
reader before giving computer X access to account Y - making it secure,
since you can then not tamper with anything to bypass the auth check - the
server, which is located in secure space, formally asks the access
controller "master", which is also located in secure space, if user X
is
authenticated at reader Y.
>>You cannot keep a mail server automatically updated, sorry. That is a
fantasy.

You can. Ubuntu have packages  with mail servers automatically updated.
However, sometimes manual intervention is required to change the config when
some security holes appear that cannot be resolved with patches.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5715 bytes
Desc: S/MIME Cryptographic Signature
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20201027/6a3e53ed/attachment.p7s>