On Wed, 07 Jul 2021 10:04:06 -0700
techlists at phpcoderusa.com wrote:
>
>
> Hi,
>
> Please recommend a Dovecot book for a newbie... I have a fair amount
> of Linux PHP hosting experience - LAMP virtual host configurations.
> I'm new to BIND, Postfix, and Dovecot.
>
> I'm running Ubuntu 20.04lts.
>
> I have a test server almost working. Can send but not receive.
> Would like to understand more. I'm guessing it is a Zone (MX) / SSL
> / Client configuration issue.
>
> Thanks in advance!!
>
I used this person's blog when I set up my servers. Unfortunately he
only has guides for centos and freebsd but it is worth checking out. I
think the odds of me setting up an email server from just the manuals
would be zero, keyword me. But ubuntu verses centos should just be a
packaging issue.
https://blog.andreev.it/?p=1975
I recall it being correct put not complete regarding postfix. I don't
recall any Dovecot issue. It is 99% there. What I like is the guide
provides a test at each step.
I advise you to start out small and add features later or never. After
being hacked via RoundCube when I used a hosting service I am a firm
believer in keeping the attack surface small. If this is a personal
server (as is mine) I wouldn't even bother with spamassasin. You can
stop much spam simply via Postfix. What this guide lacks is a number of
milters for postfix required for DKIM and DMARC. Also I would set up
the server using "submission" (port 587) since that allows for
geofencing all the email ports other than 25, again presuming this is a
personal server where geofencing would be appropriate.
There are a number of websites that can test your email server. For
instance you wouldn't want to mistakenly be an open relay. They will
also help with verifying all the identification features are proper.
The deal with an email server is you need to look legit because the
world is out to block you. In fact there are some ISPs that will simply
reject your email until you contact them to get "allow listed". Some
like Spectrum will never accept email from some VPS. [Sheer
incompetence.]
Lastly my personal philosophy is to make no element of the email server
programmable via a browser. I do everything via ssh and cli. This makes
life hard for the hackers.