I
I
Ivan Rivan @Ivan2021-11-22 15:01:47
Mail server
Ivan Rivan @Ivan, 2021-11-22 15:01:47

What to be prepared for when setting up Postfix on an Ubuntu VPS?

There is mail on shared hosting, but there is no way to configure it in any way.
On the same hosting, you can rent a VPS with Ubuntu by installing your mail server on it.

Questions:

1) What difficulties can you face when switching to your mail server on a VPS and setting up Postfix?
Do I understand correctly that it will be enough to edit a few lines in the config, change mail DNS and there should not be any difficulties?

2) If earlier it was possible to use mail through the hosting provider's web interface, does Postfix have a web interface for users?

3) This article about setting up a mail server, talks about setting up mynetworks:

important setting. It allows you to specify which servers can forward mail through the Postfix server. Typically, only mail from local client computers is allowed. Otherwise, spammers may be interested in your server.

Do I understand correctly that this is only needed when users and the mail server are on the same network? And if the mail server is on a VPS on the Internet, is it useless to set up mynetworks? What is the likelihood that spammers will be interested and will be able to somehow use the mail server for their own purposes?

4) What additional settings and measures will have to be carried out against spammers?

Answer the question

In order to leave comments, you need to log in

4 answer(s)
D
Drno, 2021-11-22
@Drno

1. With the setting of all dns records, mx and other things. Backup settings. Service.
2.yes
3.useless
4. Prohibit registration
It is better to hire a person for this business
The easiest option is to simply change the mail provider, where the settings you need will be

V
Vladimir Korotenko, 2021-11-23
@firedragon

I would recommend installing corporate mail from Google Yandex or Microsoft.
Mail, as rightly noted, is now a big crap.
Here is just a general list of problems
1. make a little mistake and all your letters go to spam
2. make a little mistake and you are in your blacklists, and your letters are already rejected at the sending stage
3. spammers, there is no normal spam cutter now, well, or for solid money
4. web muzzle for mail, this is a separate song
5. calendars

K
Konstantin, 2021-11-22
@BHop

1) With different ones. In addition to prescribing DNS, you will need to find out what SPF and DKIM are, and configure them accordingly.
2) The web interface exists, but it is not included in Postfix. For example, Roundcube. In order not to bother, you can install a free mail service like iRedMail, based on the same Postfix, it already includes several different wrappers for web mail, including Roundcube. Installation is elementary, but only on a clean system.
3) The probability that spammers will be interested is slightly less than 100%, so you will have to figure out the mailer configs to configure anti-spam.
4) The same iRedMail has a built-in antispam, but the correct configuration of the Postfix configs itself will already beat off the lion's share of spam with crooked senders that do not pass minimal checks.

A
Alexander Falaleev, 2021-11-22
@suffix_ixbt

1.
Testing on https://www.checktls.com/
a) Testing
first:
TestFrom:
TLS:Successful
From:[email protected]
Via:185.248.101.86
Date:2021-05-26 15:30:33
TLSv1_3
SSLCipher :TLS_AES_256_GCM_SHA384 SPF_mfrom.Record:v=spf1 ip4
:185.248.101.86 -all SPF_mfrom :
pass: local="babai.ru: 185.248.101.86 is authorized" : local="mail.babai.ru: 185.248.101.86 is authorized" DKIM:pass: signature="@babai.ru" result="pass" DKIM_policy.sender:"o=-", location="babai.ru" , result="accept" DKIM_policy.author:"o=-",location="babai.com", result="accept"
DKIM_policy.ADSP:"dkim=discardable", location="babai.ru", result="accept"
DMARC_result:pass
DMARC_dkim:pass
DMARC_dkim_align:strict
DMARC_spf:pass
DMARC_spf_align:strict
DMARC_published.v:DMARC1
DMARC_published.p:reject
DMARC_published. sp:reject
DMARC_published.adkim:s
DMARC_published.aspf:s
DMARC_published.rua:mailto:[email protected]
DMARC_published.ruf:mailto:[email protected]
b)
Then we test in the same place:
TestTo:
checktls.jpg
3.
The mail server certificate must be set to A + and with all the "green" boxes (compliance with standards).
https://www.immuniweb.com/ssl/mail.babai.
Well, then you will need to configure postfix itself, spamassassin, dovecot, clamav and, of course, fail2ban to filter out hackers, etc. etc.
Therefore, as I and other respondents have already written to you in the comments - refer to a competent postmaster! According to the manuals, you will not succeed in anything worthwhile - the ip of your mail server will fall into the blacklists and the hoster will kick you out!

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question