| 1 |
On 4/6/20 6:35 AM, Ashley Dixon wrote: |
| 2 |
> Hello, |
| 3 |
|
| 4 |
Hi, |
| 5 |
|
| 6 |
> After many hours of confusing mixtures of pain and pleasure, I have |
| 7 |
> a secure and well-behaved e-mail server which encompasses all the |
| 8 |
> features I originally desired. |
| 9 |
|
| 10 |
Full STOP! |
| 11 |
|
| 12 |
I hoist my drink to you and tell the bar keep that your next round is on me. |
| 13 |
|
| 14 |
Very nicely done!!! |
| 15 |
|
| 16 |
In all seriousness, running your own email server is definitely not |
| 17 |
easy. DNS, web, and database servers are easier. |
| 18 |
|
| 19 |
This is especially true, by an order of magnitude, if you are going to |
| 20 |
be sending email and do all of the necessary things to get other mail |
| 21 |
receivers to be happy with email outbound from your server. |
| 22 |
|
| 23 |
~hat~tip~ |
| 24 |
|
| 25 |
> However, in the event that I need to reboot the server (perhaps a |
| 26 |
> kernel update was added to Portage), I would like to have a miniature |
| 27 |
> mail server which catches incoming mail if, and only if, my primary |
| 28 |
> server is down. |
| 29 |
|
| 30 |
Okay.... |
| 31 |
|
| 32 |
> I have Gentoo installation on an old Raspberry Pi (model B+), and was |
| 33 |
> curious if such a set-up was possible ? |
| 34 |
|
| 35 |
Can you get a Raspberry Pi to function as a backup server? Yes. Do you |
| 36 |
want to do such, maybe, maybe not. |
| 37 |
|
| 38 |
I've seen heavier inbound email load on my backup mail server(s) than I |
| 39 |
have on my main mail server. This is primarily because some, |
| 40 |
undesirables, send email to the backup email server in the hopes that |
| 41 |
there is less spam / virus / hygiene filtering there. The thought |
| 42 |
process is that people won't pay to license / install / maintain such |
| 43 |
software on the ""backup email server. |
| 44 |
|
| 45 |
I encourage you to take a look at Junk Email Filter's Project Tar [1]. |
| 46 |
|
| 47 |
Aside: JEF-PT encourages people to add a high order MX to point to |
| 48 |
JEF-PT in the hopes that undesirable email to your domain will hit their |
| 49 |
MX, which will always defer the email and never accept it. Their hope |
| 50 |
is to attract as many bad actors to their system as they can, where they |
| 51 |
analyze the behavior of the sending system; does it follow RFCs, does it |
| 52 |
try to be a spam cannon, etc. They look at the behavior, NEVER content, |
| 53 |
and build an RBL. The provide this RBL for others to use if they |
| 54 |
desire. — I have been using, and recommending, JEF-PT for more than a |
| 55 |
decade. |
| 56 |
|
| 57 |
JEF-PT could function as the backup MX in a manner of speaking. They |
| 58 |
will never actually accept your email. But they will look like another |
| 59 |
email server to senders. As such, well behaved senders will queue email |
| 60 |
for later delivery attempts. |
| 61 |
|
| 62 |
> I also want the solution to be as minimal as possible. I see the |
| 63 |
> problem as three parts: |
| 64 |
|
| 65 |
This type of thinking is how you end up with different spam / virus / |
| 66 |
hygiene capabilities between the primary and secondary email systems. |
| 67 |
Hence why many undesirables try secondary email system(s) first. ;-) |
| 68 |
|
| 69 |
In for a penny, in for a pound. |
| 70 |
|
| 71 |
If you're going to run a filter on your primary mail server, you should |
| 72 |
also run the filter on your secondary mail server(s). |
| 73 |
|
| 74 |
> (a) Convincing the D.N.S.\ and my router to redirect mail to the |
| 75 |
> alternate server, should the default one not be reachable; |
| 76 |
|
| 77 |
DNS is actually trivial. That's where multiple MX records come in to |
| 78 |
play. — This is actually more on the sending system honoring what DNS |
| 79 |
publishes than it is on the DNS server. |
| 80 |
|
| 81 |
Aside: Were you talking about changing what DNS publishes dynamically |
| 82 |
based on the state of your email server? If so, there is a lot more |
| 83 |
involved with this, and considerably more gotchas / toe stubbers to deal |
| 84 |
with. |
| 85 |
|
| 86 |
There are some networking tricks that you can do in some situations to |
| 87 |
swing the IP of your email server to another system. This assumes that |
| 88 |
they are on the same LAN. |
| 89 |
|
| 90 |
· VRRP is probably the simplest one. |
| 91 |
· Manually moving also works, but is less simple. |
| 92 |
· Scripting is automated manual. |
| 93 |
· Routing is more complex. |
| 94 |
· Involves multiple subnets |
| 95 |
· May involve dynamic routing protocols |
| 96 |
· Manual / scripting .... |
| 97 |
· NAT modification is, problematic |
| 98 |
|
| 99 |
> (b) Creating the alternate mail server to be as lightweight |
| 100 |
> as possible. I'm not even sure if I need an S.M.T.P.\ server |
| 101 |
> (postfix). Would courier-imap do the trick on its own (with |
| 102 |
> courier-authlib and mysql) ? |
| 103 |
|
| 104 |
You will need an SMTP server, or other tricks ~> hacks. Remember that |
| 105 |
you're receiving email from SMTP servers, so you need something that |
| 106 |
speaks SMTP to them. |
| 107 |
|
| 108 |
Courier IMAP & authlib are not SMTP servers. I sincerely doubt that |
| 109 |
they could be made to do what you are wanting. |
| 110 |
|
| 111 |
> (c) Moving mail from the alternate server to the main server once |
| 112 |
> the latter has regained conciousness. |
| 113 |
|
| 114 |
SMTP has this down pat in spades. |
| 115 |
|
| 116 |
This is actually what SMTP does, move email from system to system to |
| 117 |
system. You really are simply talking about conditinally adding another |
| 118 |
system to that list. |
| 119 |
|
| 120 |
Hint: SMTP is the industry standard solution for what you're wanting to |
| 121 |
do, /including/ getting the email from the alternate server to the main |
| 122 |
server. |
| 123 |
|
| 124 |
> I realise this is a slightly different problem, and is not even |
| 125 |
> necessarily _required_ for operation, although it's certainly a |
| 126 |
> nice-to-have. |
| 127 |
|
| 128 |
It's not really a different problem. |
| 129 |
|
| 130 |
It is really required. Having the email on an alternate server without |
| 131 |
a way to get the email to the main mail server where all the clients are |
| 132 |
configured to access it is an untenable situation that is tantamount to |
| 133 |
not having the email that goes to the alternate server. |
| 134 |
|
| 135 |
> What do you think; is this at all possible ? |
| 136 |
|
| 137 |
Yes, absolutely possible. |
| 138 |
|
| 139 |
> Has anyone here done anything like this before ? |
| 140 |
|
| 141 |
Yes, absolutely been done before. |
| 142 |
|
| 143 |
What you're asking for can all be hacked together using things other |
| 144 |
than SMTP. But it is very much that, a hack, cobbled together. |
| 145 |
|
| 146 |
Or, you can use SMTP, which you're already using, and does exactly what |
| 147 |
you're asking to do. |
| 148 |
|
| 149 |
> Thanks in advance. |
| 150 |
|
| 151 |
[1] https://wiki.junkemailfilter.com/index.php/Project_Tar |
| 152 |
|
| 153 |
|
| 154 |
|
| 155 |
-- |
| 156 |
Grant. . . . |
| 157 |
unix || die |
Archives