[H-GEN] OpenSMTPD - interesting.
Gavin Duley
gavin at microcomaustralia.com.au
Mon May 6 22:28:33 EDT 2013
On Mon, May 6, 2013 at 1:54 PM, Daniel Devine <devine at ddevnet.net> wrote:
> On 2013-05-06 13:56, Gavin Duley wrote:
>>
>> Indeed. I've thought about running my own mail server in the past
>> (just because I want to) but never have so far, partly because of
>> this, and partly because I don't want to end up inundated with spam,
>> or worse running an insecure mail server that could forward on spam.
>
>
> Between Spam Block Lists and some basic settings 99% (exaggerated, but you get the point) of my spam is blocked. Even in Postfix these things are super simple to put in. The following is part of my server's configuration.
>
> smtpd_recipient_restrictions =
> ...
> #This was blocking Defence recruiting email server which does not have fqdn.
> #reject_non_fqdn_hostname
I'd probably want to uncomment this. I don't really need to get
recruiting emails from defense....
> reject_non_fqdn_sender
> reject_non_fqdn_recipient
> ...
> reject_invalid_hostname
> reject_rbl_client zen.spamhaus.org
> #reject_rbl_client dnsbl.sorbs.net
> ...
> permit
Okay. I'd heard it was a real headache keeping a mail server secure
and spam-free(TM) now.
> As you can see there - there was *one* time over the last few years my mail server configuration caused me an issue (The first commented out rule) - and when I heard about some SORBS issues I pre-emptively disabled it and never bothered re-enabling it - Spamhaus is doing nearly all the blocking I needed anyway. You can also see some other rules in there which are blocking things which do not have a valid FQDN or hostname - this helps block a lot of spammers and spam botnets.
>
> The configuration needed to stop your server from being an open relay and such is very well documented. Whatever tutorial you're likely to reference will probably make a point of it.
Yes, should do -- hopefully using fairly decent security too, not just
whatever's simplest.
>> it might be better to leave my mail server
>> up to someone else...
>
>
> I know the feeling. Hosted email is popular for a reason! But anecdotally, I've been running my own email for a few years with pretty much no incident.
>
> Apache breaking is a bit unusual because usually distros are quite careful about web and email servers (sensible distros anyway). Web and email servers generally also have a slow development pace, which helps.
>
My fault -- I started doing a distribution upgrade, then forgot and
left it part way through. Apache had been stopped whilst it was doing
the upgrade. It was sitting around waiting for me to press enter to
continue for some option or another. Once I finished the dist-upgrade,
apache started working again.
(Well, sort of -- the new version complained that I didn't have a file
called /etc/apache2/httpd.conf , but that was an easy fix).
>> I'm still tempted to try out OpenSMTPD, though, even just on a vm at
>> home for the sake of trying it out. It might even be an excuse to try
>> out OpenBSD, too. (Even though OpenSMTPD seems to be available for
>> Debian).
>
>
> OpenSMTPD doesn't have filtering yet - so you would get inundated by spam unless you pipe your mail through some sort of spam filtering service. Keep it in the back of your mind until they do put in filtering (soon, I hear). Meanwhile Postfix is a little tricky to configure, but quite doable.
I think either way I'd need to use spamassassin?
> On the subject of playing with BSDs, I am thinking of playing with Debian GNU/kFreeBSD. The idea of a Debian userland with a kernel that has a decent-enough ZFS implementation is appealing to me. It'd be great for keeping backups nice and compact due to file de-duplication at the FS level.
>
Good point -- I'd forgotten about that. I'm familiar enough with the
debian userland that it might make the learning curve a bit easier.
I'll have to try it out.
thanks,
gavin,
--
Honestly, if you're given the choice between Armageddon or tea, you
don't say 'What kind of tea?'
-- Neil Gaiman
Gavin Duley
<gavin at microcomaustralia.com.au>
WWW: http://www.gavinduley.org/
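
Added example, not part of the original thread: a Python sketch of the DNS lookup behind the `reject_rbl_client zen.spamhaus.org` rule quoted above, including the case where the list returns an error code rather than a listing. The function names, the injectable resolver and the sample answers are constructed for illustration; the 127.255.255.0/24 error range is Spamhaus's documented convention as I understand it.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # zone named in the quoted Postfix configuration
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
ERROR_RANGE = ipaddress.ip_network("127.255.255.0/24")  # assumption: Spamhaus error codes


def dnsbl_query_name(client_ip, zone=ZONE):
    """Build the name a DNSBL check looks up: reversed IPv4 octets + zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version != 4:
        raise ValueError("this sketch covers IPv4 clients only")
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] when the lookup fails."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN and resolver errors both end up here
        return []


def classify(answers):
    """Map A-record answers to 'listed', 'not-listed' or 'error'."""
    if not answers:
        return "not-listed"
    addrs = [ipaddress.ip_address(a) for a in answers]
    # An error code means the query was refused; it says nothing about the client.
    if any(a in ERROR_RANGE for a in addrs):
        return "error"
    # Anything outside 127.0.0.0/8 is not a DNSBL answer at all.
    if not all(a in LOOPBACK for a in addrs):
        return "error"
    return "listed"


def check(client_ip, resolver=system_resolver):
    """Return (query name, verdict) for one connecting client address."""
    name = dnsbl_query_name(client_ip)
    return name, classify(resolver(name))


if __name__ == "__main__":
    # Constructed answers so the demo runs offline.
    sample = {"2.0.0.127.zen.spamhaus.org": ["127.0.0.2"]}
    for ip in ("127.0.0.2", "192.0.2.25"):
        print(check(ip, resolver=lambda n: sample.get(n, [])))
```

A rule that treats any answer as a listing would turn an "error" reply into a rejection of every sender, so the error case is worth monitoring separately from real hits.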