1 |
On 4/6/20 6:35 AM, Ashley Dixon wrote: |
2 |
> Hello, |
3 |
|
4 |
Hi, |
5 |
|
6 |
> After many hours of confusing mixtures of pain and pleasure, I have |
7 |
> a secure and well-behaved e-mail server which encompasses all the |
8 |
> features I originally desired. |
9 |
|
10 |
Full STOP! |
11 |
|
12 |
I hoist my drink to you and tell the bar keep that your next round is on me. |
13 |
|
14 |
Very nicely done!!! |
15 |
|
16 |
In all seriousness, running your own email server is definitely not |
17 |
easy. DNS, web, and database servers are easier. |
18 |
|
19 |
This is especially true, by an order of magnitude, if you are going to |
20 |
be sending email and do all of the necessary things to get other mail |
21 |
receivers to be happy with email outbound from your server. |
22 |
|
23 |
~hat~tip~ |
24 |
|
25 |
> However, in the event that I need to reboot the server (perhaps a |
26 |
> kernel update was added to Portage), I would like to have a miniature |
27 |
> mail server which catches incoming mail if, and only if, my primary |
28 |
> server is down. |
29 |
|
30 |
Okay.... |
31 |
|
32 |
> I have Gentoo installation on an old Raspberry Pi (model B+), and was |
33 |
> curious if such a set-up was possible ? |
34 |
|
35 |
Can you get a Raspberry Pi to function as a backup server? Yes. Do you |
36 |
want to do such, maybe, maybe not. |
37 |
|
38 |
I've seen heavier inbound email load on my backup mail server(s) than I |
39 |
have on my main mail server. This is primarily because some, |
40 |
undesirables, send email to the backup email server in the hopes that |
41 |
there is less spam / virus / hygiene filtering there. The thought |
42 |
process is that people won't pay to license / install / maintain such |
43 |
software on the ""backup email server. |
44 |
|
45 |
I encourage you to take a look at Junk Email Filter's Project Tar [1]. |
46 |
|
47 |
Aside: JEF-PT encourages people to add a high order MX to point to |
48 |
JEF-PT in the hopes that undesirable email to your domain will hit their |
49 |
MX, which will always defer the email and never accept it. Their hope |
50 |
is to attract as many bad actors to their system as they can, where they |
51 |
analyze the behavior of the sending system; does it follow RFCs, does it |
52 |
try to be a spam cannon, etc. They look at the behavior, NEVER content, |
53 |
and build an RBL. The provide this RBL for others to use if they |
54 |
desire. — I have been using, and recommending, JEF-PT for more than a |
55 |
decade. |
56 |
|
57 |
JEF-PT could function as the backup MX in a manner of speaking. They |
58 |
will never actually accept your email. But they will look like another |
59 |
email server to senders. As such, well behaved senders will queue email |
60 |
for later delivery attempts. |
61 |
|
62 |
> I also want the solution to be as minimal as possible. I see the |
63 |
> problem as three parts: |
64 |
|
65 |
This type of thinking is how you end up with different spam / virus / |
66 |
hygiene capabilities between the primary and secondary email systems. |
67 |
Hence why many undesirables try secondary email system(s) first. ;-) |
68 |
|
69 |
In for a penny, in for a pound. |
70 |
|
71 |
If you're going to run a filter on your primary mail server, you should |
72 |
also run the filter on your secondary mail server(s). |
73 |
|
74 |
> (a) Convincing the D.N.S.\ and my router to redirect mail to the |
75 |
> alternate server, should the default one not be reachable; |
76 |
|
77 |
DNS is actually trivial. That's where multiple MX records come in to |
78 |
play. — This is actually more on the sending system honoring what DNS |
79 |
publishes than it is on the DNS server. |
80 |
|
81 |
Aside: Were you talking about changing what DNS publishes dynamically |
82 |
based on the state of your email server? If so, there is a lot more |
83 |
involved with this, and considerably more gotchas / toe stubbers to deal |
84 |
with. |
85 |
|
86 |
There are some networking tricks that you can do in some situations to |
87 |
swing the IP of your email server to another system. This assumes that |
88 |
they are on the same LAN. |
89 |
|
90 |
· VRRP is probably the simplest one. |
91 |
· Manually moving also works, but is less simple. |
92 |
· Scripting is automated manual. |
93 |
· Routing is more complex. |
94 |
· Involves multiple subnets |
95 |
· May involve dynamic routing protocols |
96 |
· Manual / scripting .... |
97 |
· NAT modification is, problematic |
98 |
|
99 |
> (b) Creating the alternate mail server to be as lightweight |
100 |
> as possible. I'm not even sure if I need an S.M.T.P.\ server |
101 |
> (postfix). Would courier-imap do the trick on its own (with |
102 |
> courier-authlib and mysql) ? |
103 |
|
104 |
You will need an SMTP server, or other tricks ~> hacks. Remember that |
105 |
you're receiving email from SMTP servers, so you need something that |
106 |
speaks SMTP to them. |
107 |
|
108 |
Courier IMAP & authlib are not SMTP servers. I sincerely doubt that |
109 |
they could be made to do what you are wanting. |
110 |
|
111 |
> (c) Moving mail from the alternate server to the main server once |
112 |
> the latter has regained conciousness. |
113 |
|
114 |
SMTP has this down pat in spades. |
115 |
|
116 |
This is actually what SMTP does, move email from system to system to |
117 |
system. You really are simply talking about conditinally adding another |
118 |
system to that list. |
119 |
|
120 |
Hint: SMTP is the industry standard solution for what you're wanting to |
121 |
do, /including/ getting the email from the alternate server to the main |
122 |
server. |
123 |
|
124 |
> I realise this is a slightly different problem, and is not even |
125 |
> necessarily _required_ for operation, although it's certainly a |
126 |
> nice-to-have. |
127 |
|
128 |
It's not really a different problem. |
129 |
|
130 |
It is really required. Having the email on an alternate server without |
131 |
a way to get the email to the main mail server where all the clients are |
132 |
configured to access it is an untenable situation that is tantamount to |
133 |
not having the email that goes to the alternate server. |
134 |
|
135 |
> What do you think; is this at all possible ? |
136 |
|
137 |
Yes, absolutely possible. |
138 |
|
139 |
> Has anyone here done anything like this before ? |
140 |
|
141 |
Yes, absolutely been done before. |
142 |
|
143 |
What you're asking for can all be hacked together using things other |
144 |
than SMTP. But it is very much that, a hack, cobbled together. |
145 |
|
146 |
Or, you can use SMTP, which you're already using, and does exactly what |
147 |
you're asking to do. |
148 |
|
149 |
> Thanks in advance. |
150 |
|
151 |
[1] https://wiki.junkemailfilter.com/index.php/Project_Tar |
152 |
|
153 |
|
154 |
|
155 |
-- |
156 |
Grant. . . . |
157 |
unix || die |