# Advice for serving mail for small company



## drhowarddrfine (Mar 15, 2014)

For the first time, I've run into a situation where I think I need to run a mail server for someone who's growing in size to where they need about 10-15 business email accounts. In the past, I've just had email sent to `somebody@company.com` forwarded to their personal email address but they say some of them are getting their folders clogged up with business email and it's hard to sort them out. I know it's possible to configure GMail and Thunderbird to handle that but then there's the problem of responding to email and accidentally revealing their personal address. Even if you conceal that in the "From" part, someone with a little bit of knowledge can look at the original and find it.

On the one hand, I could just say they have to come to their site and log in to their email account to read/write email, but this is less convenient than getting a notification in GMail on their phone and responding from there cause there is no office and they're typically on the road or at home. Of course, I can just say "tough" and send them a "You've got mail" notice and they have to visit their account on the business site.

I'm thinking someone with far more experience than me is going to tell me, "Yep, that's how it works," but I'm asking all this in case there's a better solution. What do other company's do?


----------



## ondra_knezour (Mar 15, 2014)

I am not sure, if I got your question right, but I don't see anything too tricky here.

You mentioned the Thunderbird, which (beside others) can manage multiple identities and/or mail accounts.

On the server side you probably already have the Sendmail, which you may like to recompile with the TLS support. The NSA reads your thoughts when sitting on the toilet, but whole Internet doesn't have to. Also some antispam and antivirus protection would be nice, mail/mimedefang and mail/spamassassin works for me, considering give a try to mail/mailscanner. Add an IMAP server and some webmail and you are good to go. I am running mail/dovecot2 with mail/dovecot2-antispam-plugin and mail/dovecot2-pigeonhole, mail/roundcube as a webmail with mail/roundube-sieverules and mail/roundcube-thunderbird_labes. Dozens of users with all those Thunderbirds, Outlooks, iPads/iPhones, Android phones and tablets, no complaints so far (except that the Outlook doesn't handle 25 GB mailbox very well, but this one should be addressed to Redmont)-


----------



## kpa (Mar 15, 2014)

Sendmail is TLS enabled out of the box in FreeBSD, you only need to create the certificates and keys and tell sendmail how to find them. What you do need to get SMTP AUTH working is to add SASL support to it. The handbook has an article how to do it:

http://www.freebsd.org/doc/en_US.ISO885 ... -Auth.html

I would however do it differently and use the mail/sendmail port in place of the builtin sendmail with the SASL option turned on (you'll probably have to compile the port yourself with custom options). The reason is that in my opinion the base system services shouldn't depend on ports or packages. Using the port for sendmail moves the service out of base and no such dependency can exist.


----------



## drhowarddrfine (Mar 15, 2014)

Thanks @ondra_knezour. I know what tools to use (your post was helpful) but I'm just not sure of myself to know if the technique or methodology. Many of those 10-15 users are not business people but need an email account and I don't know how much effort they will put into setting up their readers to handle that. Of course, maybe that's the problem I'll have to deal with but, again, what about users who send company email from those personal Thunderbird/GMail accounts and forget to set it to the company account?


----------



## ondra_knezour (Mar 15, 2014)

Sorry about confusion, @kpa is right about the reason why I had to recompile the Sendmail. I would also recommend to go with mail/sendmail, but never had enough time to test it, so I am still using Sendmail from base with the SASL and LDAP compiled in. Pure hell from the maintainability view.

There are several ways how to autodiscover the e-mail client settings via a file on server, DNS record etc. Thunderbird supports them, also quick googling shows that Android in general may be aware at least of some of them. In such scenario users just type in their address like person@example.com, client discovers settings and ask user for password. All done.

There is probably no easy solution for messing things on the client side. It is same case as if one is still using form X for request where  form Y is in place. You can tell them "THE OTHER PAPER" billion times, but some persons will never change.

All clients I am aware of replies from account which got given message, so no problem here. If somebody is regullary messing things up with new messages, then probably only some policy like don't configure personal e-mail in work and working one at home, use webmail instead may help.


----------

