[H-GEN] OpenSMTPD - interesting.
Daniel Devine
devine at ddevnet.net
Mon May 6 00:24:46 EDT 2013
On 2013-05-06 13:56, Gavin Duley wrote:
> Indeed. I've thought about running my own mail server in the past
> (just because I want to) but never have so far, partly because of
> this, and partly because I don't want to end up inundated with spam,
> or worse running an insecure mail server that could forward on spam.
Between Spam Block Lists and some basic settings 99% (exaggerated, but
you get the point) of my spam is blocked. Even in Postfix these things
are super simple to put in. The following is part of my server's
configuration.
smtpd_recipient_restrictions =
    ...
    #This was blocking Defence recruiting email server which does not have fqdn.
    #reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    ...
    reject_invalid_hostname
    reject_rbl_client zen.spamhaus.org
    #reject_rbl_client dnsbl.sorbs.net
    ...
    permit
As you can see there - there was *one* time over the last few years my
mail server configuration caused me an issue (The first commented out
rule) - and when I heard about some SORBS issues I pre-emptively
disabled it and never bothered re-enabling it - Spamhaus is doing nearly
all the blocking I needed anyway. You can also see some other rules in
there which are blocking things which do not have a valid FQDN or
hostname - this helps block a lot of spammers and spam botnets.
The configuration needed to stop your server from being an open relay
and such is very well documented. Whatever tutorial you're likely to
reference will probably make a point of it.
> it might be better to leave my mail server
> up to someone else...
I know the feeling. Hosted email is popular for a reason! But
anecdotally, I've been running my own email for a few years with pretty
much no incident.
Apache breaking is a bit unusual because usually distros are quite
careful about web and email servers (sensible distros anyway). Web and
email servers generally also have a slow development pace, which helps.
> I'm still tempted to try out OpenSMTPD, though, even just on a vm at
> home for the sake of trying it out. It might even be an excuse to try
> out OpenBSD, too. (Even though OpenSMTPD seems to be available for
> Debian).
OpenSMTPD doesn't have filtering yet - so you would get inundated by
spam unless you pipe your mail through some sort of spam filtering
service. Keep it in the back of your mind until they do put in filtering
(soon, I hear). Meanwhile Postfix is a little tricky to configure, but
quite doable.
On the subject of playing with BSDs, I am thinking of playing with
Debian GNU/kFreeBSD. The idea of a Debian userland with a kernel that
has a decent-enough ZFS implementation is appealing to me. It'd be great
for keeping backups nice and compact due to file de-duplication at the
FS level.
--
Daniel Devine
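What a reject_rbl_client lookup against zen.spamhaus.org amounts to, as an added example that is not part of the original message or of Postfix. The function names, the injectable resolver and the sample answers are assumptions made for illustration; the answer ranges follow Spamhaus's published return-code convention.

```python
import ipaddress
import socket

LISTING_NET = ipaddress.ip_network("127.0.0.0/24")    # 127.0.0.x = listed
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # 127.255.255.x = query error

def dnsbl_query_name(client_ip, zone="zen.spamhaus.org"):
    """Reverse the client's IPv4 octets and append the DNSBL zone."""
    ip = ipaddress.IPv4Address(client_ip)
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def classify_answer(answers):
    """Turn the A records returned for a DNSBL query into a verdict."""
    if not answers:
        return "not_listed"                # NXDOMAIN: client is not on the list
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    if any(a in ERROR_NET for a in addrs):
        return "lookup_error"              # e.g. blocked resolver; not a listing
    if all(a in LISTING_NET for a in addrs):
        return "listed"
    return "unexpected"                    # e.g. a hijacked or wildcarded zone

def system_resolver(name):
    """Live lookup; cannot tell NXDOMAIN from a timeout, both give []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_client(client_ip, resolver=system_resolver, zone="zen.spamhaus.org"):
    return classify_answer(resolver(dnsbl_query_name(client_ip, zone)))

# Constructed answers so the example runs offline; not real lookup results.
CONSTRUCTED_ANSWERS = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4", "127.0.0.10"],
    "10.2.0.192.zen.spamhaus.org": [],
    "20.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
    "30.2.0.192.zen.spamhaus.org": ["203.0.113.7"],
}

def fake_resolver(name):
    return CONSTRUCTED_ANSWERS.get(name, [])

if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, dnsbl_query_name(ip), check_client(ip, fake_resolver))
```

A bare reject_rbl_client rule treats any A record as a listing, so error answers can cause rejections; in Postfix 2.8 and later the reply can be restricted, as in reject_rbl_client zen.spamhaus.org=127.0.0.[2..11].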