The last post: Building your own mail server, Part 3

Adding some much-needed spam and virus filtering

54 Reg comments Got Tips?

Other useful tweaks

There are lots of tweaks you can make to a system like this - it's probably impossible to give a definitive config.

The log summary gives you a useful overview of your mail traffic

You can use pflogsumm and other tools to help monitor your mailserver

At the moment, I'm testing the use of the built in Postfix postscreen daemon, which can do some simple checks on inbound connections. I've set it up to check against Spamhaus and Barracuda blocklists, dropping connections if they're listed. It then passes on to the rest of the setup - first Postgrey and then Amavis. Postscreen can, effectively, greylist on its own, but it was simplest to drop it in as a first stage defence.

For backup of user emails, you can install a package like duplicity, which can do incremental backups, using rsync or even to services like Amazon S3. So, this script will do an incremental backup, and a full backup every two months, of all files in /home. Just add it to /etc/weekly.local to schedule it one a week.

ulimit -n 1024
RSYNC_PASSWORD=bigFatSecret duplicity --no-encryption --full-if-older-than 2M /home rsync://backup@some.rsync.server::/path/folder

If you want to be able to create and delete addresses easily, for example to give one to each company you deal with, it's easy to use a database as well as the text file. Change the setting for virtual_alias_maps in to

virtual_alias_maps = hash:/etc/postfix/virtual_alias, mysql:/etc/postfix/

Then create the a file called to say which database and query is used to map an alias to a destination

# alias table for itpa email system
hosts = some.mysql.server
user = myMySQLuser
password = myMySQLpassword
dbname = alias_database
table = aliases
select_field = destination
where_field = aliasname

Then, you could create an alias in MySQL with something like

INSERT INTO aliases ( aliasname, destination ) VALUES ( '','nwmail') ;

And with that, we're more or less done. So, it's over to you - for more comments, tips and suggestions. ®


Keep Reading

TikTok to splurge €420m on Ireland data centre to get Euro-data into Europe by 2022

Nothing but love for regulators, but nothing for hyperscalers despite previous Google Cloud entanglement

Data centre reveals it modeled interiors on The Hunt for Red October sets

Australia bit barn outfit NEXTDC adds classic film reference to usual mix of resilience, connectivity and security

Power of the cloud builders: Who ate one-third of the $38bn data centre pie in Q3? AWS, Microsoft, Google 'n' pals

Old world vendors should club together, form new biz called 'Screwed by Cloud'

Something something DANE cook: Microsoft pledges to wrap its email systems in secure anti-snooping protocol

Office 365 will finally get DNSSEC-based protection later this year

Alarming news: ADT to flog Nest smart home kit after Google ploughs $450m into corporate security dinosaur

Resell agreement set up amid plans to build next gen of home automation and security gear

Enterprises slam pause button on data centre spending, flatten pockets of old world tech crowd

ODMs in Far East make bank as public cloud slingers buy yet more infrastructure

Dell publishes data centre cleaning guidance, suggests hiring pros to disinfect enterprise kit

Urges ‘extreme caution’ if you DIY and reminds you ‘Never spray any liquids directly onto or into any product’

Australia sues Google over data collection practices that merged DoubleClick data to create single user profiles

Alleges opt-in that promised “more control” actually sent more data without informed consent. Google 'strongly disagrees'

Biting the hand that feeds IT © 1998–2020