Hi Bruno,

Thank you so much for your email! That's exactly what I want to arrive at one day. Perhaps one day I will indeed contact you for some specific advice on configuration.

For now I only got a centralized mail archive with an IMAP server. I briefly searched the Internet on the IMAP server comparison. Dovecot seemed like a good choice and I went ahead and installed it. I configured Dovecot for both client and server certificate authentication.

All went well, but there were a couple of glitches:

* The Dovecot configuration was pretty easy except that the ssl_ca option should point to a file that is a CONCATENATION of the CA certificate file and a valid CRL file. I didn't concatenate the CRL file, and so the client certificate was rejected. Once I concatenated the file, it turned out that the CRL was outdated, and so again the client certificate was rejected. Now it's working. The verbose_ssl option was very useful in diagnosing these problems.

* Thunderbird (Icedove, actually) doesn't remember my choice of the client certificate across restarts. But when I chose "Select one automatically", Thunderbird stopped bugging me, since I have just one client certificate installed.

For now, all my mail clients receive mail with POP3 and send with SMTP. Later most probably I will use Fetchmail and Exim to consolidate my mail accounts on my server.


Best,
Irek
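The two ssl_ca glitches described above (missing CRL in the bundle, then an expired CRL) can be checked before the file is handed to Dovecot. The following script is an added example, not part of either message in this thread: it builds a throwaway CA, client certificate and CRL with openssl in a temporary directory, concatenates CA certificate and CRL the way Dovecot's ssl_ca expects, and provides two checks that mirror what Dovecot does when a client presents its certificate. All names and paths are constructed for the demo.

```shell
#!/bin/sh
# Added example: build a Dovecot-style ssl_ca bundle (CA cert + CRL) and
# verify it before deployment. Everything here is a constructed demo PKI.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal "openssl ca" configuration (constructed for this demo only).
cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/ca.pem
private_key = $dir/ca.key
serial = $dir/serial
crlnumber = $dir/crlnumber
default_md = sha256
default_crl_days = 30
policy = any_policy
[ any_policy ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
EOF
touch index.txt
echo 1000 > serial
echo 1000 > crlnumber

# Self-signed demo CA (stands in for the personal PKI root).
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
  -subj "/CN=Demo Mail CA" -days 365 -config ca.cnf >/dev/null 2>&1

# One client certificate issued by that CA (hypothetical mail user).
openssl req -newkey rsa:2048 -nodes -keyout client.key -out client.csr \
  -subj "/CN=user@example.test" -config ca.cnf >/dev/null 2>&1
openssl ca -batch -config ca.cnf -in client.csr -out client.pem \
  -days 365 -notext >/dev/null 2>&1

# Fresh CRL, then the concatenated bundle that ssl_ca should point to.
openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1
cat ca.pem crl.pem > ssl_ca_bundle.pem

# Check 1: the CRL's nextUpdate must still be in the future; an expired
# CRL makes Dovecot reject every client certificate.
crl_is_current() {
    next=$(openssl crl -in "$1" -noout -nextupdate | cut -d= -f2)
    next_epoch=$(date -d "$next" +%s 2>/dev/null \
        || date -j -f "%b %e %T %Y %Z" "$next" +%s)
    [ "$next_epoch" -gt "$(date +%s)" ]
}

# Check 2: does a client certificate verify against the bundle with CRL
# checking enabled? Against the bare CA cert (no CRL) this fails, which
# is the first glitch from the thread.
client_cert_accepted() {
    openssl verify -crl_check -CAfile "$1" "$2" >/dev/null 2>&1
}

# Revoke the client certificate and rebuild the bundle, to show that the
# CRL in the bundle is what actually blocks a revoked certificate.
revoke_client() {
    openssl ca -config ca.cnf -revoke client.pem >/dev/null 2>&1
    openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1
    cat ca.pem crl.pem > ssl_ca_bundle.pem
}

crl_is_current crl.pem && echo "CRL is current"
client_cert_accepted ssl_ca_bundle.pem client.pem && echo "client accepted with bundle"
client_cert_accepted ca.pem client.pem || echo "client rejected without CRL in bundle"
```

Running the same two checks against the real ssl_ca file (and again after each CRL refresh) catches both failure modes before the IMAP clients do; Dovecot's verbose_ssl then stays reserved for the cases the pre-check cannot predict.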

On 07.05.2013 18:12, Bruno Flueckiger wrote:
Hi Irek

I had pretty much the same requirements for my mail server at home as
you have. Over the time I got different mail accounts for different
purposes. So I wanted to consolidate all the accounts on my own server
running in my home network. Since several years (and releases) I'm
running my home mail server under OpenBSD.

The server is not directly reachable as a MX host because I only use a
DynDNS address to access it from outside through a proxy server (nginx
for IMAP and SMTP) also running OpenBSD.

My mail server fetches the mails from all accounts via POP3 with
fetchmail. The mails are delivered to Postfix which acts as the mail
server for my internal domain at home. Postfix then delivers the mail to
my personal user account on the server using procmail. Procmail runs
each mail through ClamAV (antivirus) and SpamAssassin (antispam). Mails
containing viruses are delivered to /dev/null, mails recognized as spam
are delivered to the Spam folder. Every other mail is delivered to the
mail folder specified in the procmail recipe or, if there is no other
destination specified in .procmailrc, to the INBOX.

All mails are stored in ~/mails which is a Maildir folder structure. I
prefer Maildir to store mails because it creates a file for each mail.
This makes backup and restore much easier.

I use Courier IMAP to access all my mails through IMAP clients like
Thunderbird (on all my clients) and - for some days now - BlackBerry Z10
(access from the Internet through the IMAP proxy feature of nginx). This
way I always have the same view of my mailbox, no matter which client I
use. No more manual sync or having mails downloaded to the "wrong"
client. My Maildir folders also act as the archive for my mails.

All components on my mail server of course support TLS. I've configured
Postfix and Courier IMAP to support TLS. For this I use my personal PKI.
It is based on a self-signed root CA with two sub CAs, one for client
certificates and one for server certificates.

I make an hourly backup of my mails folder using rsync to one of my NAS.
Additionally there is the daily backup using dump of the whole mail server.

I hope my explanations give some ideas about how you could solve your
problem. Feel free to contact me if you would like to get more details
about the configuration.

Best regards,
Bruno
