# Mail server recommendations?



## Reaperzx (Mar 5, 2018)

Hello

I am currently running old FreeBSD 5.5 server with qmail, dspam and dovecot.

I am looking to replace it with new virtualserver and looking for program recommendations.

I like dovecot, so I will keep it.

I need replacement for dspam, that has manual blacklisting and whitelisting!

I need replacement for qmail, where I can disable ALL bounces! currently like 99% of mails going via my server are spam bounces.

Greylisting possibility would also be good.


----------



## SirDice (Mar 5, 2018)

Two of the most popular choices are mail/exim and mail/postfix. Both can be combined with mail/spamassassin and/or security/clamav.


----------



## Reaperzx (Mar 5, 2018)

But can those do what i need?

That is disable bounces and spam whitelisting/blacklisting?


----------



## obsigna (Mar 5, 2018)

Reaperzx said:


> I am currently running old FreeBSD 5.5 server with qmail, dspam and dovecot. I am looking to replace it with new virtualserver and looking for program recommendations.
> I like dovecot, so I will keep it. ...


Since your system is quite old, this is most probably dovecot v1. Version 2 is nowadays in the ports mail/dovecot. This means you cannot simply take the old v1 settings for a new v2 system. Many keywords do not exist and/or have different equivalents. That said, Dovecot 2 would be a good choice. I use it together with mail/postfix.



Reaperzx said:


> I need replacement for dspam, that has manual blacklisting and whitelisting!


In case you are only missing white-/blacklisting, you could adjust this with Postfix before it passes control over to the spam filter.



Reaperzx said:


> I need replacement for qmail, where I can disable ALL bounces! currently like 99% of mails going via my server are spam bounces.



Hmmm..., are you talking about bounces because spammers are fraudulently using sender mail addresses of your domain, and the victims send it back to your server. If this is the case, you want to try putting an SPF TXT record into your domain's zone, something like:

```
v=spf1 mx -all
```



> Greylisting possibility would also be good.


I use mail/greyfix, and I am very satisfied. This one is very easy to setup, it is a tiny C daemon (not a bunch of Perl scripts) and uses a BDB backend. As the name suggests, it is targeted to Postfix.

In the past I deployed The poor man's Greylisting mechanism (also called Nolisting). In your DNS zone, you would put the highest MX to a dead IP address, and the valid MX would have lower priorities. The sender would try the dead MX first and would fail, then only well configured server (hopefully non-spammers), would try a second time using one of the other MX. This worked quite well, however, a real greylist does whitelist valid senders after the second contact.

Actually, nowadays this is a rich man's setup, because it would be best If you could assign a valid public IP address which is dead on port 25 AND is under your control to the hi-pri dead MX, otherwise, there might be some risk that a third party receives e-mails for you.


----------



## Reaperzx (Mar 5, 2018)

obsigna said:


> Since your system is quite old, this is most probably dovecot v1. Version 2 is nowadays in the ports mail/dovecot. This means you cannot simply take the old v1 settings for a new v2 system. Many keywords do not exist and have different equivalents. That said, Dovecot 2 would be a good choice. I use it together with mail/postfix.
> 
> In case you are only missing white-/blacklisting, you could adjust this with Postfix before it passes control over to the spam filter.
> 
> ...



I use dovecot for speed and caching only, no extra features.

Postfix would probably be too cumbersome, would need web interface, that normal non-IT person can manage.

No, spam mails to nonexisting users at my domains are sent to my server. So my server is sending bounces out to 3rd parties. I want those bounces disabled. At last i could disable double bounces, I want single bounces gone too.


----------



## ShelLuser (Mar 5, 2018)

The problem is that basically any MTA can handle what you need so it mostly boils down to personal prefernce. Since you mentioned Greylisting I'm very happy with mail/postgrey myself to handle all that, it works in combination with mail/postfix.

But having said that my other server relies fully on Sendmail (the MTA which came with the base system) and I have to say that I also quite like that one. It takes getting used to, but once you learned Sendmail you'll see that its M4 scripting basically allows you to make it do whatever you want.

Of course it can also be quite difficult   I still haven't fully figured out how to use Greylisting in combination with Sendmail for example (also never really bothered).

I've replaced DSpam with Spamassasin (mail/spamassasin) quite a long time ago and never looked back. It should be able to do what you want, but... best to try it out.

I'd first worry about getting your ancient system up to date though, that could be a challenge in itself.

(edit)

I've also become quite displeased with Dovecot over the years because it has become awfully bloated in my opinion. In the latest developments they're even talking about adding a chat server to the program, ugh...  So I've been using mail/cyrus-imapd25 for a while now and I like this much better. Despite its name it also handles POP3.


----------



## Reaperzx (Mar 5, 2018)

I won't touch the old system it works as long it works. So that's why it will be replaced with new 11.1 from scratch.


----------



## vejnovic (Mar 5, 2018)

You may use security/maia. It is a complete mail server.
Here is the tutorial: http://www.purplehat.org/?page_id=4


----------



## Reaperzx (Oct 14, 2019)

So, I am finally again planning to move mail to new server (currently running FreeBSD 12.0).

I have managed to get *postfix* and *dovecot* running. Currently using temporary test domain. Ready to change DNS entries and postfix conf, when I move.

But the only thing missing now is spam protection. I have read some guides about SpamAssassin, but fail to understand, how it works:
http://www.freebsdonline.com/content/view/556/506/

SpamAssassin does not seem to have a web interface... So how do I manage quarantine?

At minimum I would like to have at least the same functionality, as DSPAM. Currently when e-mails are marked spam, they are kept in quarantine (I guess that is in SQL). Using Web interface I can manage the spam: either delete or deliver them.

Rspamd is also an option:
https://www.c0ffee.net/blog/mail-server-guide/#rspamd

But this one doesn't seem to have web interface either...

*vejnovic*: I did check the Maia-Mailguard guide several times and tried to follow it. But it has so many steps for configuration so it just made my head hurt and I gave up...


----------



## diizzy (Oct 14, 2019)

Another option would be to buy the service as it's more or less a cat and mouse game in the end and you can get away with very little on yearly bases unless you host a lot of mail accounts.


----------



## drhowarddrfine (Oct 14, 2019)

Reaperzx Why does a web interface have anything to do with it?


----------



## CyberCr33p (Oct 14, 2019)

I recommend Rspamd instead of SpamAssassin.


----------



## rootbert (Oct 14, 2019)

and I recommend using postfix internal postscreen instead of postgrey


----------



## Reaperzx (Oct 15, 2019)

drhowarddrfine: Well, somehow I must manage the Quarantine. Curently for managing DSPAM I have dspam.cgi, that does what I need.

diizzy: Some examples offering spam filtering service would be good. Although forwarding your mail to some 3rd party provider does not sound very good. NSA is bad enough, no need for another spy. Also woul like to keep costs down. Currently paying 26 EUR/month for Tilaa virtual server. That does both web and (hopefully) mail in the future. And some other custom services.

I guess I am forced to replace the old FreeBSD 5.5 machine now, cause it seems to die from hardware failure  I hope I can avoid fishing ebay for working Socket 754 mainboard...

I think if I had to do it again I would choose some turnkey solution, for example Mail-in-a-Box:
https://mailinabox.email/

No need for all those arcane configuration commands...

EDIT:

Rspamd seems to have WebUI:
http://rspamd.com/webui/

Although I don't understand yet if it has Quarantine management via web.


----------



## usdmatt (Oct 15, 2019)

I'm currently using the following after years of various other options -

Postfix
Dovecot
Rspamd
Roundcube

I'm amazed it took me so long to move from Sendmail to Postfix.

I finally moved to Dovecot after various users asked for sieve support. To me it seems the most complete and compliant pop3/imap server. For years I used courier but that enforced an 'INBOX' prefix which sometimes required setting manually in the client and other times didn't. Unfortunately I'm now stuck with it and had to replicate the setting in Dovecot to not break existing users.

Rspamd seems to be the first antispam package that actually gets close to the capture rate of our old barracuda appliance. It also seems to perform quite well and the web interface is very basic but useful for stats/viewing recent message logs. I do however run this on a standalone server and use it purely as a relay (mail points at the rspamd server which simply forwards it onto my pop3/imap servers). I also have several of the unofficial clamav signature packs as the defaults don't seem to catch much.

rspamd assigns a score to messages which is added to the header (if it's not so high the message is blocked entirely). In order to support sieve, I use Dovecot as my LDA, which allows me to automatically push any mail above a certain score to the users spam folder. (You could also do this with Procmail).  This is preferable to me as users can view their spam folder via Webmail or IMAP client and delete/move messages as and when they want. With our old barracuda it would quarantine messages, but users wouldn't know about it until they got the daily report and retrieving them was more hassle than just having direct access to a spam folder.

rspamd has greylisting built in, but I eventually turned it off after multiple users trying to get password reset emails, which ideally you want straight away, which were stopped for 15+ minutes due to the sending server being a previously unseen client. I like the idea of greylisting in general but it also isn't ideal when users expect messages to be delivered pretty much instantly.

Roundcube isn't perfect but I've not come across anything else that works as well as it does. It also supports sieve directly so users can create message rules that actually run directly in Dovecot during delivery.

The only thing I don't really have at the moment is user defined whitelist/blacklist.

I'm sure some of the fully self-contained mail systems in ports work quite well but I've never tried any of them.


----------



## 6502 (Oct 15, 2019)

What about iRedMail? The description sounds like easy to install solution.


----------



## drhowarddrfine (Oct 15, 2019)

Reaperzx said:


> Well, somehow I must manage the Quarantine.


I don't know what Quarantine is. Why does it need a GUI to work?


----------



## Reaperzx (Oct 15, 2019)

Well, currently when mail is marked as spam by dspam, it goes to quarantine. From there i can either delete it or deliver it (false positive). Of couse it needs GUI to work, how else could I manage it?


----------



## drhowarddrfine (Oct 15, 2019)

Reaperzx I don't know anything about dspam either but why can't it be done with a simple text editor like vim?


----------



## Reaperzx (Oct 15, 2019)

I really don't understand how you would manage quarantine (that is kept in SQL in DSPAM case) with text editor?


----------



## drhowarddrfine (Oct 15, 2019)

Reaperzx Ok. I did not know it was kept in a database.


----------



## Reaperzx (Oct 15, 2019)

Well, I guess some other method of managing SPAM is also possible. It's just last 15 years I have managed my e-mails one way with dspam and maybe I don't even imagine other way.

Currently at work in big company we use Retarus for filtering our e-mails for spam. Every user gets web link for managing his quarantine, whitelist and blacklist. But this is commercial service, I don't even want to know how much it costs. They don't have prices at their home page, that is already saying something.

usdmatt: Do I understand right, that with Rspamd the SPAM e-mail gets collected in special IMAP folder and you use IMAP client (like Thunderbird) for managing spam? I guess that is possibility too. What must be done that those SPAM mail must be all marked READ immediately. Otherwise you would get annying "ding" every time you receive SPAM e-mail. I guess that could also be done with procmail. Also there should be some system for deleting SPAM mail older than X months.

For webmail I used Squirrelmail for years, but recently moved to RainLoop.

EDIT: I think I don't want greylisting either. Nowadays people expect email to arrive in a minute or maximum two.


----------



## usdmatt (Oct 16, 2019)

Yes, I can just go into the Junk folder in outlook/phone/webmail to see emails that were considered spam.
I suspect all the antispam systems add (or can be configured to add) a header to the email, so procmail or dovecot can be used to sort them into specific folders.

None of my clients (Outlook & iOS) give a new message alert for emails that are not in the Inbox.

With Dovecot it seems (just found this out and tried it) that I can use the doveadm command to remove old spam emails.

```
doveadm expunge -u username mailbox INBOX.Junk SENTBEFORE 1-Jan-2019
```


----------



## CyberCr33p (Oct 17, 2019)

Reaperzx said:


> usdmatt: Do I understand right, that with Rspamd the SPAM e-mail gets collected in special IMAP folder and you use IMAP client (like Thunderbird) for managing spam?



Rspamd doesn't do it by default. It just marks a message as Spam.

You need a "sieve_before" script in dovecot.conf to move it in Junk folder:


```
...
plugin {
sieve_before = /usr/local/lib/dovecot/sieve/antispam.sieve
...
}
```

And here is my antispam.sieve :


```
require ["fileinto"];

if header :is "X-Spam" "Yes" {
        fileinto "Junk";
        stop;
}
```


----------



## msplsh (Oct 17, 2019)

Reaperzx said:


> I really don't understand how you would manage quarantine (that is kept in SQL in DSPAM case) with text editor?



I have Dovecot and Postfix tables hooked up to SQLite tables in a database that I built a JSON-RPC interface for in PHP.  I then just call that via whatever.  Unfortunately you have to build them from ports when you do this.


----------



## Reaperzx (Oct 21, 2019)

Ok, I have moved mail to new server. postfix + rspamd + dovecot.

In case anyone needs, here is procmail filter for moving mail to Spam folder and marking them read:


```
:0
* ^X-Spam: YES
{
foldername=$HOME/Maildir/.Spam/

:0c
$foldername/

:0
* LASTFOLDER ?? /\/[^/]+$
{ tail=$MATCH }

TRAP="mv $foldername/new/$tail* $foldername/cur/$tail:2,S"

HOST

}
```


----------



## Reaperzx (Oct 21, 2019)

What settings do you use for Rspamd?

I currently set up in actions.conf:


```
actions {
    reject = 30; # Reject when reaching this score
    add_header = 6; # Add header when reaching this score
    greylist = null; # Apply greylisting when reaching this score
    }
```


----------



## Reaperzx (Oct 23, 2019)

What do you recommend for visualization? Like graphs mail/minute, spam/minute, mail queue, etc?

Command lines for getting numbers are fine, so I could get data to MRTG


----------



## Lamia (Oct 23, 2019)

Reaperzx said:


> What do you recommend for visualization? Like graphs mail/minute, spam/minute, mail queue, etc?
> 
> Command lines for getting numbers are fine, so I could get data to MRTG


Mailscanner with Mailwatch. It is not a smooth install on FBSD unlike Linux(Ubuntu) that it's manual was written for.


----------



## Reaperzx (Oct 28, 2019)

I now turned off the old mail server. Permanently.

Thank you *FreeBSD 5.5*, you have served me well. 


Ok, graphing feels too complicated and unnecessary, I think I will skip it.

RSPAMD works mostly fine. So far have had only few false positives (newsletters I am interested in) and one spam miss (spam mail written in German).

Still looking for options for whitelisting. Did search for that, but seems complicated in Rspamd:

https://rspamd.com/doc/modules/whitelist.html

https://gist.github.com/ThomasLeister/f41adad98bb46d0c8418de50b5efb4a0

Rspamd own documentation is completely incomprehensible for me. Some kind of DKIM and  DMARC - I don't even understand what those are. I know SPF, but most domains don't use it anyway. So I just would like to whitelist e-mail from certain domains or certain e-mail addresses.


----------



## Lamia (Oct 28, 2019)

Reaperzx said:


> I now turned off the old mail server. Permanently.
> 
> Thank you *FreeBSD 5.5*, you have served me well.
> 
> ...


DKIM, SPF, DMARC and DANE  are recommended for email servers and SSL is recommended for web servers. In fact, most of your outgoing emails will be dropped (i.e. undelivered) without most of them.
They provide identity [by means of electronic signature], protect from phishing, guide from simple attacks (*wares) and a few other things.


----------



## Reaperzx (Oct 28, 2019)

Fortunately my e-mail server is mostly for incoming mail.

Outgoing mail goes via ISP SMTP server. Without any security or authentication.

When traveling, I am using SMTP2GO for outgoing mail.


----------

