Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-28 Thread @lbutlr
On 27 Oct 2020, at 19:38, lists  wrote:
> And which email clients can do this? 

Microsoft Outlook and Mail (Windows 10 and iOS) and Apple Mail in macOS and iOS 
and iPadOS, at least.

> A defacto standard needs to be adopted. If I don't provide SPF or DKIM, I am 
> likely to be deemed spammy, hence a defacto standard has been established. I 
> don't see this with TOTP.

Those almost certainly cover a majority of email client users. And most gmail 
users simply use the web browser.

-- 
"Thank you for sending me a copy of your book; I'll waste no time
reading it." - Moses Hadas



Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread John Stoffel
> "lists" == lists   writes:

lists> Ditto this. I pay for a VPS because I don't want my home facing
lists> the internet. If the VPS gets hacked, that is as far as they
lists> get.

Same here, I do this as well.

lists> You could do a mail server on a $5 Digital Ocean or Linode VPS
lists> if you don't run SpamAssassin.  Rather than have your email
lists> server on a 10 year old laptop, you let someone else maintain
lists> the hardware. You can and should image your VPS or pay for
lists> imaging. I do both.

Linode is better, if only because charter.net is blocking all of
Digital Ocean's netblocks for email.  Sigh...

lists> My pipe to the outside world is around 800mbps. I couldn't do
lists> that at home. I don't have to worry about leaving a computer
lists> running while on vacation.

Same here!

lists> Should the OP want to join the real world, here again is the
lists> guide I use. I like this person's approach because you can test
lists> each step. The maintenance is gui free. From start to finish
lists> figure on three hours. That includes setting up the VPS, spf,
lists> and DKIM. I strongly encourage Centos. I don't use it at home,
lists> but it is great for a server. It is a long term disty.

The nice thing about a VPS is that it's got redundant power,
networking, cooling, etc.  I pay $5/mon and another $6/qtr for my
domain DNS hosting.  Trivial costs for my own domain.

Dovecot, postfix, spamassassin, etc.  If you need more anti-spam, then
you'll need to spend $10/mon for a bigger memory VM in my experience.

John


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread @lbutlr



> On 26 Oct 2020, at 09:11, R. Diez  wrote:
> 
>>> 
>>> I would not advise any company that is continuously being fined for 
>>> breaking the law.
> 
>> This is not only an overstatement, it is completely irrelevant.  Given the 
>> OP problem
>> statement (small business, part-time admin, newbie to mail servers), I do 
>> not think there is a better solution
>> A small server already costs 20 USD / month, running a mail server consumes 
>> a significant amount of resources, and as the OP mentions running a mail 
>> server also represents a high security risk.
> 
> 
> Guys, this kind of advice is not helping me either.
> 
> First of all, I want to learn how to do it, just for fun. Even if paying for 
> a hosted solution is an economically better solution. It's not for me to 
> decide anyway.

If you want to do it for fun and learning, set up a private mail server for 
yourself and maybe some friends. You do not have "fun" with a company's emails, 
not even a non-profit. ESPECIALLY since you have rather specific legal 
restrictions and requirements on that email.

Doing it yourself is possible IF you already know what you are doing very well. 
Doing this yourself as a "fun learning experiment" is irresponsible.

> I will not recommend Google. Ever heard of data protection and data 
> confidentiality? And then you are completely dependent. You are nothing for 
> a huge company like Google. If they lose your complete e-mail database, they 
> will tell you that they are awfully sorry. If at all.

You are still confusing two very different things, the paid Google hosting 
service and the free gmail service. They are not the same thing. Your paranoia 
is based on ignorance. You do not, obviously, have to go with Google. There are 
many other choices. Hundreds. Your government may even have a list of companies 
that comply with German and European laws.

> And no, running a mail server does not "consume a significant amount of 
> resources". Any 10-year-old laptop can easily cater for a small business.

That depends. You need to find an 18yo laptop that can run a current OS with 
current security libraries, so that's a stretch right there. And while it may 
not consume a lot of CPU resources, it consumes a lot of human/brain resources. 
It takes knowledge which takes time. Your idea that you can just set up a 
mailserver and walk away and never look at it again is laughable.

> Besides, paying $6/user/month is actually very expensive for some small 
> organisations.

Depends on what the cost of, for example, having all your email ransomwared or 
published to some website costs. If your non-profit gets funding, your country 
and the EU have very strict laws on the security of email and the requirement 
to keep it archived and to ensure the data cannot get out. You may be facing 
serious fines or even jail time if you set up a mail server badly that results 
(as it almost surely will) in a third party accessing that mail.

> If you have 20 volunteers coming to the help in a small public library once a 
> month, that would be $1440 a year just for e-mail services.

If you feel the need to give 20 volunteers individual, personal email 
addresses, sure. $1500 a year for any sort of business, even a non-profit, is 
not a significant cost.

> Most such people would continue to use private Hotmail addresses. I would 
> rather install a Synology NAS and use whatever e-mail service it comes with 
> it.

You have to pay for that too.

> An on-premise mail server is, and should be, virtually free,

It is not. You need someone to admin it. You need someone to be vigilant and 
see when things are going wrong, or when an intruder has gained access, or when 
your DNS has expired, or your certificates need to be renewed, or a major 
system update is required. You also need (well, should have) a  backup server, 
UPS systems (check those batteries!) and a whole host of other things that need 
to be done.

> at least for a basic e-mail service. No need for cloud. No need to expose any 
> ports. No need to configure the firewall. No need to ask anything from your 
> ISP.

You cannot send or receive any email if all your ports are closed. In order to 
communicate with anyone else, you must have the ability to connect to them.

But it sure sounds like you've made up your mind to make the worst decision and 
are ignoring the advice of many people who do this all day, everyday. Good luck 
with that.

Please check with your legal counsel first, you may be shocked as to what the 
EU and Germany actually require and what penalties you face when you decide to 
ignore those requirements. For example, are you aware that Germany requires TLS 
encryption on all email? And has more stringent E2EE requirements on many 
emails?

-- 
"Let's get back to syntax of procmail and forget the syntax of
fools." Don



Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread @lbutlr
On 25 Oct 2020, at 22:51, Sebastian Nielsen  wrote:
>>> why not just point them at a hosting service like google apps, and let
>> google keep things up to date?
> 
> Costs money,

Yes. That is a *good* thing. Running an unmaintained mail server is a BAD thing.

> and also the problem is that gmail imposes heavy spam filters
> and "reputation blocks" meaning smaller providers with low email volumes,

I think you are confusing gmail and google apps (or whatever it is called now, 
seems to change all the time).

> Another thing is that you cannot impose IP restrictions when using Google
> Apps, or have SSO with trusted access from inside the office. (for example -
> scan your badge at the office door, your personal computer is automatically
> logged on and you get access to everything).

Wow. That sounds sooper not secure.

> With locally hosted servers, of course you have to keep them updated. Most
> linux distributions can keep them updated automatically.

You cannot keep a mail server automatically updated, sorry. That is a fantasy.

You can either spend money on someone who knows what they are doing in-house 
(more secure, more control, more money), or you can spend money on outsourcing 
someone who knows what they are doing (less money). The other option involves a 
pair of smoking boots and a crater and I do not recommend it.

-- 
Nothing like grilling a kosher dog over human hair to bring out the
subtle flavors.



Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-27 Thread @lbutlr
On 25 Oct 2020, at 22:47, Sebastian Nielsen  wrote:
> The second way, is to not have webmail at all, but instead have a 
> authentication gateway in browser, where you must auth with 2FA and captcha. 
> The only purpose of this gateway, is to authenticate users with 2FA before 
> their IP is whitelisted.

I mostly agree with the sentiments in your email, but whitelisting IP addresses 
is a HORRIBLE idea and a massive gaping security hole and using a captcha is 
only slightly less horrible and user-hostile. If you are using 2FA there is 
absolutely no reason to use a captcha.

A 2FA gateway that reverse proxies the webmail is quite good, but enforcing 
good passwords and using TLS is good enough for nearly all use cases.

(I recently upped the minimum password length from 12 characters)

-- 
Ah we're lonely, we're romantic / and the cider's laced with acid /
and the Holy Spirit's crying, Where's the beef? / And the moon is
swimming naked / and the summer night is fragrant / with a mighty
expectation of relief



Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread lists
Ditto this. I pay for a VPS because I don't want my home facing the internet. If the VPS gets hacked, that is as far as they get.

You could do a mail server on a $5 Digital Ocean or Linode VPS if you don't run SpamAssassin. Rather than have your email server on a 10 year old laptop, you let someone else maintain the hardware. You can and should image your VPS or pay for imaging. I do both.

My pipe to the outside world is around 800mbps. I couldn't do that at home. I don't have to worry about leaving a computer running while on vacation.

Should the OP want to join the real world, here again is the guide I use. I like this person's approach because you can test each step. The maintenance is gui free. From start to finish figure on three hours. That includes setting up the VPS, spf, and DKIM. I strongly encourage Centos. I don't use it at home, but it is great for a server. It is a long term disty.

I should point out for ease of maintenance, use packaged software. You don't want to be compiling code for updates. Stick with IPV4.

I have used this person's blog for a few operating systems.
https://blog.andreev.it/?p=1975
Poke around for the correct OS. I only set up dovecot and postfix. Keep it simple. You then need opendkim. I think opendkim checks the incoming mail. There is another procedure to sign your mail.

When you think it works, use
https://dkimvalidator.com/
Also go to mxtools to verify you haven't created an open relay.

Regarding LetsEncrypt, I use the bash script.
https://github.com/acmesh-official/acme.sh
This saves you Python headaches.

From: gr...@sloop.net
Sent: October 26, 2020 6:01 PM
To: dovecot@dovecot.org
Reply-to: gr...@sloop.net; dovecot@dovecot.org
Subject: Re: Looking for a guide to collect all e-mail from the ISP mail server

The reason there's no pretty complete how-to is because what you're doing seems completely insane to the vast majority of people who'd look at your problem and select your way of approaching solving it.

Yeah, you can also host your own website off of a DSL line, using a rasp-pi connected via a ham data relay which is faxing pages back and forth over a couple of soup-cans and string - etc, etc, etc.

While I get, at least in principle, why you want to do it your way - you've selected a particularly painful, and super time-expensive way, IMO.

A VPS for like $10 a month would do everything you want to do. Run Ubuntu on it, and allow Ubuntu to do security updates and restarts and you'll almost certainly be fine. If you want, get a fully managed VPS for a little more, and they'll do all that for you.

Or, one of a hundred other ways to accomplish handling mail - but you've picked one of the oddest, most difficult ways...and then "complain" that there's no examples. Yeah, 'cause no-one wants to do it your way because it's crazy.

Sorry dude - I kinda get it, but no, I'd never pick your way of doing it, and I'm not surprised that there's almost no one who has cranked a complete example of it either.

Not trying to make fun of you, but dang, the time wasted in this thread could probably have paid for 5 years of hosted mailcow.

Cheers!
Do have fun.

-Greg


>> 2. install and configure OfflineIMAP to synchronize the IMAP folders between your ISP IMAP server and your Dovecot server; see for example
>> http://www.offlineimap.org/doc/quick_start.html

RD> OfflineIMAP is not the way to go. Many ISPs have very low size
RD> limits for the mailbox sizes. The one I am looking at right now does have this problem
RD> (unless you pay extra).

RD>  From what I have gathered now, your hints about Postfix and
RD> fetchmail are correct. The trouble is that those doc pages are not real-life, complete
RD> examples with Dovecot of the two possible ways: 1)
RD> multidrop/catch all, and 2) one mailbox per user.

RD> Yes, I should be able to piece it all together. I will probably
RD> try. I just find it surprising that there is no such a complete guide yet. Because I
RD> am sure that there are a few gotchas along the way.


 >> see
 >> https://blog.sys4.de/abholdienst-fur-mail-de.html

RD> Yes, getmail is an alternative, and that looks like a good way
RD> too. But it's the same problem: the article is not complete. It states "how you could
RD> arrange it". It would be nice that you did not have to manually
RD> write a getmail config file per user. And an example for multidrop is missing. There
RD> is a note at the end that you should carefully plan the transport
RD> ways, but I wouldn't know yet what to do in that respect.

RD> It's just not a guide that I can follow from top to bottom to get
RD> a first working mail server to play with. That makes it pretty hard for me at this
RD> time. I will 

Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Gregory Heytings





> First of all, I want to learn how to do it, just for fun.



If you want to do this yourself for fun, here is what I believe a good way 
to do it:


1. install and configure Dovecot with one account for each user; see for 
example https://doc.dovecot.org/configuration_manual/quick_configuration/


2. install and configure OfflineIMAP to synchronize the IMAP folders 
between your ISP IMAP server and your Dovecot server; see for example 
http://www.offlineimap.org/doc/quick_start.html


At this point you should have a functional IMAP server, and your users can 
use your ISP SMTP server to send their mails.


If you want to go one step further, and want your users to send their 
mails through your server, install and configure Postfix; see for example 
http://www.postfix.org/SOHO_README.html or 
https://www.howtoforge.com/how-to-relay-email-on-a-postfix-server


If you want to go another step further, and want to remove the mails from 
your ISP IMAP server (instead of just mirroring it in Dovecot), install 
and configure Fetchmail; see for example 
https://www.linode.com/docs/guides/using-fetchmail-to-retrieve-email/


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Gregory Sloop
The reason there's no pretty complete how-to is because what you're doing seems 
completely insane to the vast majority of people who'd look at your problem and 
select your way of approaching solving it.

Yeah, you can also host your own website off of a DSL line, using a rasp-pi 
connected via a ham data relay which is faxing pages back and forth over a 
couple of soup-cans and string - etc, etc, etc.

While I get, at least in principle, why you want to do it your way - you've 
selected a particularly painful, and super time-expensive way, IMO.

A VPS for like $10 a month would do everything you want to do. Run Ubuntu on 
it, and allow Ubuntu to do security updates and restarts and you'll almost 
certainly be fine. If you want, get a fully managed VPS for a little more, and 
they'll do all that for you.

Or, one of a hundred other ways to accomplish handling mail - but you've picked 
one of the oddest, most difficult ways...and then "complain" that there's no 
examples. Yeah, 'cause no-one wants to do it your way because it's crazy.

Sorry dude - I kinda get it, but no, I'd never pick your way of doing it, and 
I'm not surprised that there's almost no one who has cranked a complete example 
of it either.

Not trying to make fun of you, but dang, the time wasted in this thread could 
probably have paid for 5 years of hosted mailcow.

Cheers! 
Do have fun.

-Greg


>> 2. install and configure OfflineIMAP to synchronize the IMAP folders between 
>> your ISP IMAP server and your Dovecot server; see for example 
>> http://www.offlineimap.org/doc/quick_start.html

RD> OfflineIMAP is not the way to go. Many ISPs have very low size
RD> limits for the mailbox sizes. The one I am looking at right now does have this problem
RD> (unless you pay extra).

RD> From what I have gathered now, your hints about Postfix and
RD> fetchmail are correct. The trouble is that those doc pages are not real-life, complete
RD> examples with Dovecot of the two possible ways: 1)
RD> multidrop/catch all, and 2) one mailbox per user.

RD> Yes, I should be able to piece it all together. I will probably
RD> try. I just find it surprising that there is no such a complete guide yet. Because I
RD> am sure that there are a few gotchas along the way.


 >> see
 >> https://blog.sys4.de/abholdienst-fur-mail-de.html

RD> Yes, getmail is an alternative, and that looks like a good way
RD> too. But it's the same problem: the article is not complete. It states "how you could
RD> arrange it". It would be nice that you did not have to manually
RD> write a getmail config file per user. And an example for multidrop is missing. There
RD> is a note at the end that you should carefully plan the transport
RD> ways, but I wouldn't know yet what to do in that respect.

RD> It's just not a guide that I can follow from top to bottom to get
RD> a first working mail server to play with. That makes it pretty hard for me at this
RD> time. I will need much more time to learn and test every little
RD> detail myself. I'm not promising anything, but I may actually invest the time if I
RD> don't find anything else more interesting in the meantime. 8-)


RD> In any case, thanks for the hints. I know now what the way to go
RD> is. Those pesky port 25 people are not going to get me! ;-)

RD> Regards,
RD>   rdiez

Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Peter

On 26.10.20 at 21:55, Robert Schetterer wrote:

> see https://blog.sys4.de/abholdienst-fur-mail-de.html

OP considers his/her ISP's spam/antivirus filter adequate. Doing such on 
his/her own burdens the setup with quite some maintenance. Perhaps 
though, getmail trumps fetchmail, I don't know.


--
peter


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread R. Diez



> 2. install and configure OfflineIMAP to synchronize the IMAP folders between your ISP IMAP server and your Dovecot server; see for example 
> http://www.offlineimap.org/doc/quick_start.html


OfflineIMAP is not the way to go. Many ISPs have very low size limits for the mailbox sizes. The one I am looking at right now does have this problem 
(unless you pay extra).


From what I have gathered now, your hints about Postfix and fetchmail are correct. The trouble is that those doc pages are not real-life, complete 
examples with Dovecot of the two possible ways: 1) multidrop/catch all, and 2) one mailbox per user.


Yes, I should be able to piece it all together. I will probably try. I just find it surprising that there is no such a complete guide yet. Because I 
am sure that there are a few gotchas along the way.



> see
> https://blog.sys4.de/abholdienst-fur-mail-de.html

Yes, getmail is an alternative, and that looks like a good way too. But it's the same problem: the article is not complete. It states "how you could 
arrange it". It would be nice that you did not have to manually write a getmail config file per user. And an example for multidrop is missing. There 
is a note at the end that you should carefully plan the transport ways, but I wouldn't know yet what to do in that respect.


It's just not a guide that I can follow from top to bottom to get a first working mail server to play with. That makes it pretty hard for me at this 
time. I will need much more time to learn and test every little detail myself. I'm not promising anything, but I may actually invest the time if I 
don't find anything else more interesting in the meantime. 8-)



In any case, thanks for the hints. I know now what the way to go is. Those 
pesky port 25 people are not going to get me! ;-)

Regards,
  rdiez


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Robert Schetterer

On 25.10.20 at 21:01, Marc Roos wrote:

Maybe get something like Zimbra, such solutions also have support that
you can buy when you need it or don't have time (I guess).



-Original Message-
From: R. Diez [mailto:rdiezmail-2...@yahoo.de]
Sent: Sunday, October 25, 2020 6:57 PM
To: dovecot@dovecot.org
Subject: Looking for a guide to collect all e-mail from the ISP mail
server

Hi all:

I am evaluating mail server solutions for a small business. The trouble
is, I am only a part-time admin and a newbie to mail servers.

Most guides I have seen are rather unrealistic: they encourage you to
expose your e-mail server to the Internet, and hope that you have the
resources
to keep it patched up.

I would rather have an internal mail server that collects e-mails from a
standard ISP mail server.  It is like the old "POP3 Connector" that came
with
Microsoft Exchange.  Sometimes, there is a mailbox per user on the ISP,
and a corresponding one on the local server.  Other times, there is a
single
"catch all" or "multidrop" mailbox on the ISP.

Users can still access their internal mailboxes from outside through an
OpenVPN connection.  The goal is that only VPN, and perhaps SSH, are
accessible from the outside.  We do not need to arrange any special SMTP
configuration with the ISP either.

This kind of mail server setup is rather different to the standard
configuration. You do not normally need you own antivirus and spam
filter, and you
do not need to configure SSL certificates, MX or SPF DNS records. Most
ISP handle that correctly and economically.  Internal e-mail does not
leave
your LAN, and your internal SMTP server is just a relay for the external
ISP SMTP server.

Furthermore, most guides do not explain how to setup an autoresponder
("I am on holiday until xxx") so that users can enable theirs with the
mouse.
Editing configuration files over SSH is not really an option for normal
users. This detail is important because it could be the only thing I
need
above standard e-mail. Further groupware features can be seen as nice
but ultimately unnecessary luxury, and a basic shared calendar can be
accomplished with a separate server like https://radicale.org/ and a
calendar client like one built into Thunderbird. Hopefully, that is all
I would
need for a small business.

Can anyone point me to the kind of guide I need? Failing that, I would
need information or examples about using fetchmail, getmail or similar
software
with Dovecot.  Good or bad experiences from you guys would also help.

Each of those tools has a detailed man page, but there are many options
and ways with different advantages and disadvantages.  I would need a
simpler
guide to get started.

I am aware that there are pre-packaged mail server solutions that would
perhaps bring an easy-to-use autoresponder, but I haven't seen one yet
that
where you could tick a box like "this server is only internal and
collects mail from the ISP server" during installation. Nor have I seen
instructions
about reconfiguring the mail server for my ISP mail scenario.

I am prepared to learn more and write my own Perl scripts and/or
installation guide, but it would be stupid to waste time if something
easy already
exists.  After all, the setup I am describing (external ISP mail server
+ internal mail server) is not so weird.

Thanks in advance,
rdiez




see
https://blog.sys4.de/abholdienst-fur-mail-de.html

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Scott Q.
no spam/virus filtering ? Virtual suicide these days :P



On Monday, 26/10/2020 at 16:13 R. Diez wrote:


> Start of a HOWTO:
> 
> 1) Install dovecot, create virtual accounts for all of your users
> 2) Install fetchmail, make it pull the ISPs IMAP and deliver locally
> 3) Install postfix as a smart relay and deliver locally to locals
> 
> Feel free to fill in the details ;)

And I thought you guys had nothing else to do, sitting here on the
mailing list and pretending to have some mail server skills... So,
yes, it does 
look like I'll have to be the one filling in all the details!  8-)

Regards,
   rdiez


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread R. Diez




> Start of a HOWTO:
> 
> 1) Install dovecot, create virtual accounts for all of your users
> 2) Install fetchmail, make it pull the ISPs IMAP and deliver locally
> 3) Install postfix as a smart relay and deliver locally to locals
> 
> Feel free to fill in the details ;)


And I thought you guys had nothing else to do, sitting here on the mailing list and pretending to have some mail server skills... So, yes, it does 
look like I'll have to be the one filling in all the details!  8-)


Regards,
  rdiez


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Gregory Heytings



Dave McGuire:


> I'm sorry buddy, your credibility hit rock bottom in your first post, 
> and your subsequent posts aren't helping.
>
> Have a nice day. *plonk*



Thank you for your kind words.  Have a nice day, too.


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Gregory Heytings





> First of all, I want to learn how to do it, just for fun.



Okay, that was not what you initially said.  Some comments below, 
nonetheless.




> I will not recommend Google. Ever heard of data protection and data 
> confidentiality?




Your data is stored confidentially by Google, obviously.  Otherwise nobody 
would use their services.




> And then you are completely dependent. You are nothing for a huge 
> company like Google. If they lose your complete e-mail database, they 
> will tell you that they are awfully sorry. If at all.




The likelihood that Google loses your email is far less than the 
likelihood that your server has a disk failure, gets hacked and rm -rf'd, 
is stolen, burns in a fire, and so forth.




> And no, running a mail server does not "consume a significant amount of 
> resources". Any 10-year-old laptop can easily cater for a small 
> business.




I meant human resources, obviously.



> Besides, paying $6/user/month is actually very expensive for some small 
> organisations. If you have 20 volunteers coming to the help in a small 
> public library once a month, that would be $1440 a year just for e-mail 
> services.




I'll say it again: Google is _free_ for nonprofits.  Free: $0/user/month, 
for as many users as you want.


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Gregory Heytings


>> I too would strongly advise you to use Google Workspace (the recent new 
>> name for G Suite, previously known as Google Apps).  It's cheap, very 
>> reliable, and has all features you can dream of, including an 
>> autoresponder.  It's unrealistic to think that it's possible to beat a 
>> service that costs a mere USD 6 / user / month (and is free for 
>> nonprofits!).
>
> You're advocating



I'm not advocating, I give the OP an advice, which he is (and you are) 
free to ignore.




> storing confidential business or personal data on the servers of the 
> world's largest data mining company, and one that is rapidly becoming 
> quite evil.




That's nonsense.  I will give one example: Airbus, the European aerospace 
corporation, uses Google Workspace.  If there is one single company in the 
world that would have every possible reason to not store their 
"confidential business data" on the servers of an American company, it's 
Airbus.  Yet they do it.

RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Gregory Heytings



>> I too would strongly advise you to use Google Workspace (the recent new 
>> name for G Suite, previously known as Google Apps). It's cheap, very 
>> reliable, and has all features you can dream of, including an 
>> autoresponder. It's unrealistic to think that it's possible to beat a 
>> service that costs a mere USD 6 / user / month (and is free for 
>> nonprofits!).
>
> I would not advise any company that is continuously being fined for 
> breaking the law.




This is not only an overstatement, it is completely irrelevant.  Given the 
OP problem statement (small business, part-time admin, newbie to mail 
servers), I do not think there is a better solution.  A small server 
already costs 20 USD / month, running a mail server consumes a significant 
amount of resources, and as the OP mentions running a mail server also 
represents a high security risk.


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Gregory Heytings



Hi,



> I am evaluating mail server solutions for a small business. The trouble 
> is, I am only a part-time admin and a newbie to mail servers.




I too would strongly advise you to use Google Workspace (the recent new 
name for G Suite, previously known as Google Apps).  It's cheap, very 
reliable, and has all features you can dream of, including an 
autoresponder.  It's unrealistic to think that it's possible to beat a 
service that costs a mere USD 6 / user / month (and is free for 
nonprofits!).


Gregory


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Mihai Badici

On 10/26/20 7:53 PM, Jochen Bern wrote:
> On 26.10.20 17:45, Mihai Badici wrote:
>> So I guess it is not trivial to sort again all the mails and
>> deliver each one in a mailbox after you mixed all together in a single
>> catchall mailbox. Could be done for sure but it is some work to do...
>
> Determining the intended recipient of a specific *copy* of an e-mail
> (info contained in the envelope) from that copy *after* "final" delivery
> (at the ISP, no more envelope, info *possibly* contained in pseudo
> headers of varying name and reliability) is *most definitely*
> nontrivial, and (used to be?) known as a prime cause of mail loops.
>
> If you don't know *exactly* what you're doing, maintain your myriad of
> users/mailboxes *both* at the ISP and on your internal servers and put
> the "mails in ISP mailbox X *all* go into internal mailbox Y, and
> nowhere else!" relations "hardcoded" into your retrieval tool's config.
>
> Regards,


That's exactly why I recommended using an smtp relay. Maintaining two 
user databases without any password sync mechanism available is 
asking for trouble. Well, with under 10 users you can manage...


As a bonus, you have a near "real mail system" and you eventually learn 
to manage it :)





Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Jochen Bern
On 26.10.20 17:45, Mihai Badici wrote:
> So I guess it is not trivial to sort again all the mails and
> deliver each one in a mailbox after you mixed all together in a single
> catchall mailbox. Could be done for sure but it is some work to do... 

Determining the intended recipient of a specific *copy* of an e-mail
(info contained in the envelope) from that copy *after* "final" delivery
(at the ISP, no more envelope, info *possibly* contained in pseudo
headers of varying name and reliability) is *most definitely*
nontrivial, and (used to be?) known as a prime cause of mail loops.

If you don't know *exactly* what you're doing, maintain your myriad of
users/mailboxes *both* at the ISP and on your internal servers and put
the "mails in ISP mailbox X *all* go into internal mailbox Y, and
nowhere else!" relations "hardcoded" into your retrieval tool's config.

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
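
The point made in the message above, as an added example that is not part of any post in this thread: a sorter for copies fetched from a multidrop mailbox that trusts only envelope pseudo headers, maps them through a hardcoded table, and parks everything else instead of guessing or re-sending. The domain `example.org`, the `postmaster` fallback, the three header names (which one your ISP writes, if any, must be checked) and the `X-Multidrop-Sorted` marker are assumptions, and the sample messages are constructed.

```python
"""Added example: decide where a copy fetched from a multidrop mailbox goes."""
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "example.org"      # assumption: the site's own mail domain
FALLBACK = "postmaster"           # assumption: mailbox a human reviews

# The hardcoded relation: one envelope address -> one internal mailbox.
MAILBOX_MAP = {
    "alice@example.org": "alice",
    "bob@example.org": "bob",
}

# Pseudo headers an ISP may add at final delivery; which one (if any) is
# present depends on the ISP, so all three are assumptions to verify.
ENVELOPE_HEADERS = ("Delivered-To", "X-Envelope-To", "X-Original-To")

# Hypothetical marker this sorter would stamp on a message when filing it.
SORTED_MARK = "X-Multidrop-Sorted"


def envelope_recipients(msg):
    """Collect local-domain addresses from envelope pseudo headers only.

    To: and Cc: are ignored on purpose: they do not name Bcc recipients and
    on list mail they name the list, not the person this copy was for.
    """
    found = set()
    for name in ENVELOPE_HEADERS:
        for _display, addr in getaddresses(msg.get_all(name, [])):
            addr = addr.strip().lower()
            if addr.endswith("@" + LOCAL_DOMAIN):
                found.add(addr)
    return found


def route(raw_message):
    """Return (mailbox, reason). Anything unclear is parked, never guessed."""
    msg = message_from_string(raw_message)
    if msg.get(SORTED_MARK) is not None:
        return FALLBACK, "already sorted once (possible loop)"
    recipients = envelope_recipients(msg)
    if not recipients:
        return FALLBACK, "no usable envelope header"
    if len(recipients) > 1:
        return FALLBACK, "conflicting envelope headers"
    address = recipients.pop()
    mailbox = MAILBOX_MAP.get(address)
    if mailbox is None:
        return FALLBACK, "unknown local address " + address
    return mailbox, "envelope header"


# --- constructed sample messages -----------------------------------------
BCC_COPY = (            # Bob was a Bcc recipient; To: names someone else
    "From: carol@example.net\n"
    "To: dave@example.net\n"
    "Delivered-To: bob@example.org\n"
    "Subject: quarterly numbers\n\nbody\n"
)
LIST_COPY = (           # list mail, ISP added no envelope header at all
    "From: erin@example.net\n"
    "To: users@lists.example.net\n"
    "Subject: [users] release notes\n\nbody\n"
)
ISP_INTERNAL = (        # Delivered-To holds the ISP's internal mailbox name
    "From: carol@example.net\n"
    "To: alice@example.org\n"
    "Delivered-To: catchall-17@isp.example\n"
    "X-Original-To: alice@example.org\n"
    "Subject: hello\n\nbody\n"
)
RESORTED = (            # a copy that came back into the catch-all mailbox
    "From: carol@example.net\n"
    "Delivered-To: alice@example.org\n"
    "X-Multidrop-Sorted: yes\n"
    "Subject: hello again\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in (("bcc", BCC_COPY), ("list", LIST_COPY),
                       ("isp-internal", ISP_INTERNAL), ("resorted", RESORTED)):
        print(label, "->", route(raw))
```

A retrieval tool's own multidrop support covers the same decision; the sketch only makes visible which copies cannot be resolved from the message alone.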





RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Marc Roos


> Btw., why is an open port 25 evil if the MTA is configured correctly?
> Can you elaborate, please? 

He does not know, that is why he assumes this. He first needs to acquire 
some basic principles and learn, as he wrote.




Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Mihai Badici
I remember back in the dialup era there was a small company in Timisoara 
who tried to sell this kind of solution. (They started to sell servers 
after a while so I guess they didn't have much success selling  their 
workaround) So I guess it is not trivial to sort again all the mails and 
deliver each one in a mailbox after you mixed all together in a single 
catchall mailbox. Could be done for sure but it is some work to do...  
Also there is some management: what to do with the catchall mailbox? 
Delete each mail after successfully downloaded? Use IMAP and sync it for 
a while to have a backup?


On 10/26/20 6:34 PM, Michael Schumacher wrote:

> [...]
>> I could not find anything there related to multidrop or "catch all" mailboxes.
> [...]
>> Nothing like that there either.
> [...]
>> This is a huge document with little introduction. It seems to be
>> mostly about fighting spam. I did not find anything like the setup I described.
>
> looks like the collective wisdom of this group can't provide precisely
> what you are looking for. You may need to figure it out by yourself.
>
> Btw., why is an open port 25 evil if the MTA is configured correctly?
> Can you elaborate, please?
>
> best regards
> ---
> Michael Schumacher


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Peter

On 26.10.20 at 11:24, R. Diez wrote:
>> Hello R, I only wrote about the incoming side - of course, you also want to
>> send mail to remote users, and that includes users with an address of 
>> …@myisp.com. They will go to the ISP and be fetched to local from there.
>
> That is not what I had in mind. My users will not go to the ISP and 
> fetch their e-mails from there. They will always go to my internal mail 
> server. If a user is on the road, he/she will connect with OpenVPN first.

Probably I could have said that better: fetchmail will fetch those mails 
from the ISP, same as any other mails to some...@your.site - the Inbox 
at your ISP's will always be empty, your users will only interact with 
the dovecot instance on premise. There is some inefficiency, the price 
for a simpler setup.

> I have seen Microsoft Exchange setups that carried on working locally if 
> the Internet connection was down. If Microsoft can do that, I want to 
> have it too. 8-)

>> With some tinkering, you can configure your local relay smtp to 
>> deliver those locally,

To be more clear - if you have a local smtpd too (not just dovecot and 
fetchmail, postfix perhaps), that sits between your users' MUA and your 
ISP's smtpd, you can make it recognise some...@your.site as a "local" 
account and have those mails delivered locally. You have to set up some 
mappings though, that replicate the ones in your fetchmailrc.


Start of a HOWTO:

1) Install dovecot, create virtual accounts for all of your users
2) Install fetchmail, make it pull the ISPs IMAP and deliver locally
3) Install postfix as a smart relay and deliver locally to locals

Feel free to fill in the details ;)

--
peter


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Michael Schumacher


[...]
> I could not find anything there related to multidrop or "catch all" mailboxes.
[...]
> Nothing like that there either.
[...]
> This is a huge document with little introduction. It seems to be
> mostly about fighting spam. I did not find anything like the setup I 
> described.

looks like the collective wisdom of this group can't provide precisely
what you are looking for. You may need to figure it out by yourself.

Btw., why is an open port 25 evil if the MTA is configured correctly?
Can you elaborate, please? 

best regards
---
Michael Schumacher



RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Stephen Hanselman
I hate to have to use this cliché "if you believe that I have a great one owner 
bridge for sale".  There is no positively secure store for any purpose that has 
even a remote possibility of being connected to the internet.  As can be seen 
to secure data = no connection to internet, save money keep my private data on 
a random server who knows where = insecure data.

Steve hanselman

-Original Message-
From: dovecot  On Behalf Of Dave McGuire
Sent: Monday, October 26, 2020 8:30 AM
To: dovecot@dovecot.org
Subject: Re: Looking for a guide to collect all e-mail from the ISP mail server

On 10/26/20 11:24 AM, Gregory Heytings wrote:
> Your data is stored confidentially by Google, obviously.  Otherwise 
> nobody would use their services.

   My keyboard is now COMPLETELY saturated with coffee.  Some hit my display 
this time, too.

  -Dave

--
Dave McGuire, AK4HZ
New Kensington, PA




Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread R. Diez

> There are plenty of guides available. I don't know your mother tongue,
> but seeing your last name, I assume you may be speaking German. Take a
> look at these German language guides:

I do speak German, thanks for the links.

> https://www.it-management-kirchberger.at/manuals-tutorials/server-centos-7/postfix-mailserver-vimbadmin/postfix-amavisd-new-clamav-spamassassin.html

I could not find anything there related to multidrop or "catch all" mailboxes.

> https://www.dokuwiki.tachtler.net/doku.php

Nothing like that there either.

> https://dokuwiki.nausch.org/doku.php/centos:mail_c7:spam_6

This is a huge document with little introduction. It seems to be mostly about 
fighting spam. I did not find anything like the setup I described.

Regards,
  rdiez


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Dave McGuire

On 10/26/20 11:24 AM, Gregory Heytings wrote:
> Your data is stored confidentially by Google, obviously.  Otherwise 
> nobody would use their services.


  My keyboard is now COMPLETELY saturated with coffee.  Some hit my 
display this time, too.


 -Dave

--
Dave McGuire, AK4HZ
New Kensington, PA


RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Marc Roos



> That's nonsense.  I will give one example: Airbus, the European 
> aerospace corporation, uses Google Workspace.

What do they store there? That is the question, maybe some irrelevant 
data, I doubt if they store CAD drawings online or data that is 
protected by GDPR legislation.
And even when, are you going to burn books, when Airbus is going to burn 
books?






Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Dave McGuire

On 10/26/20 11:07 AM, Marc Roos wrote:


>> It's hard to imagine anyone being that dumb, but then this society
>> has been surprising me a lot in recent years.
>
> If I tell some woman in the store that she is about to buy an energy
> drink promoted by/having a picture of a convicted rapist. They look at
> me weird and the most stupid response I got was 'but I am not buying it
> for myself'.


  coffee -> keyboard

--
Dave McGuire, AK4HZ
New Kensington, PA


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Dave McGuire

On 10/26/20 11:09 AM, Gregory Heytings wrote:
>>> I too would strongly advise you to use Google Workspace (the recent 
>>> new name for G Suite, previously known as Google Apps).  It's cheap, 
>>> very reliable, and has all features you can dream of, including an 
>>> autoresponder.  It's unrealistic to think that it's possible to beat 
>>> a service that costs a mere USD 6 / user / month (and is free for 
>>> nonprofits!).
>>
>> You're advocating
>
> I'm not advocating, I give the OP an advice, which he is (and you are) 
> free to ignore.

  And now you're splitting hairs on terminology.  This suggests a 
particular approach to a disagreement, and is not doing you any good.

>> storing confidential business or personal data on the servers of the 
>> world's largest data mining company, and one that is rapidly becoming 
>> quite evil.
>
> That's nonsense.  I will give one example: Airbus, the European 
> aerospace corporation, uses Google Workspace.  If there is one single 
> company in the world that would have every possible reason to not store 
> their "confidential business data" on the servers of an American 
> company, it's Airbus.  Yet they do it.


  I'm sure they do.  Are you now suggesting that mega-corporations only 
ever do things in the best or smartest way?


  I can point out examples of people and corporations doing stupid 
things all day long.  There are LOTS of examples, everywhere.  This 
doesn't mean they're not stupid.


  I'm sorry buddy, your credibility hit rock bottom in your first post, 
and your subsequent posts aren't helping.


  Have a nice day. *plonk*

 -Dave

--
Dave McGuire, AK4HZ
New Kensington, PA


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread R. Diez




>> I would not advice any company that is continuously being fined for breaking 
>> the law.
>
> This is not only an overstatement, it is completely irrelevant.  Given the OP 
> problem statement (small business, part-time admin, newbie to mail 
> servers), I do not think there is a better solution.  A small server already 
> costs 20 USD / month, running a mail server consumes a significant amount 
> of resources, and as the OP mentions running a mail server also represents a 
> high security risk.



Guys, this kind of advice is not helping me either.

First of all, I want to learn how to do it, just for fun. Even if paying for a hosted solution is an economically better solution. It's not for me to 
decide anyway.


I will not recommend Google. Ever heard of data protection and data confidentiality? And then you are completely dependent. You are nothing for a 
huge company like Google. If they lose your complete e-mail database, they will tell you that they are awfully sorry. If at all.


And no, running a mail server does not "consume a significant amount of 
resources". Any 10-year-old laptop can easily cater for a small business.

Besides, paying $6/user/month is actually very expensive for some small organisations. If you have 20 volunteers coming to the help in a small public 
library once a month, that would be $1440 a year just for e-mail services. Most such people would continue to use private Hotmail addresses. I would 
rather install a Synology NAS and use whatever e-mail service it comes with it.


An on-premise mail server is, and should be, virtually free, at least for a basic e-mail service. No need for cloud. No need to expose any ports. No 
need to configure the firewall. No need to ask anything from your ISP.


I have seen it running like that on existing small businesses with Microsoft Exchange and the POP Connector. It is just that Microsoft wants you to 
pay a subscription now, probably because the old licence fees are way cheaper than $6/user/month.


If Linus had been reading this mailing list, we would all be paying lawyers to contract professional Sun/Oracle consultants to run our software on 
certified Solaris servers!


Regards,
  rdiez



RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Marc Roos


> It's hard to imagine anyone being that dumb, but then this society 
> has been surprising me a lot in recent years.

If I tell some woman in the store that she is about to buy an energy 
drink promoted by/having a picture of a convicted rapist. They look at 
me weird and the most stupid response I got was 'but I am not buying it 
for myself'. 








RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Marc Roos


> Yes, you all want me to open ports. I'm sorry guys, but I won't 
> budge:
> 1) Opening a port means reconfiguring the firewall. You may find it 
> funny, but some non-profits have no firewall, just a standard ADSL 
> router. The ones that the telecom company provides often has no IP 
> filtering abilities.

Read your router manual, you can easily only port forward from a single 
or multiple ips to your local

> 2) I will not expose an SMTP server to the outside world. I will not 
> install in, or advise to, a small business a piece of software that 
> craves for attention 

The problem is your knowledge is limited, and therefore draw incorrect 
conclusions. So maybe try and find someone that has more knowledge in 
your group, or ask around in your charity.

> 3) Of course I can ask the current ISP. And they may comply. But how 
> about the next one?

What next one? You should stick with your ISP for years, I have.

> 4) Of course I can filter my provider's IP in some Linux firewall. But 
> then the provider will change its setup and won't tell me. Or I will not 
> have time to modify the configuration. Or the next person will not have 
> time just this week.

These things do not change. I did not change my mail ip's the last 10 
years or so. I guess only 'hillbillies' that hop around from supplier to 
supplier to cut a few dollars a month do this.




Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Dave McGuire

On 10/26/20 10:26 AM, Gregory Heytings wrote:
> I too would strongly advise you to use Google Workspace (the recent new 
> name for G Suite, previously known as Google Apps).  It's cheap, very 
> reliable, and has all features you can dream of, including an 
> autoresponder.  It's unrealistic to think that it's possible to beat a 
> service that costs a mere USD 6 / user / month (and is free for 
> nonprofits!).


  You're advocating storing confidential business or personal data on 
the servers of the world's largest data mining company, and one that is 
rapidly becoming quite evil.


  It's hard to imagine anyone being that dumb, but then this society 
has been surprising me a lot in recent years.


   -Dave

--
Dave McGuire, AK4HZ
New Kensington, PA


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread R. Diez




>> Besides, the way you suggest means opening a SMTP port to the outside
>> world. A security risk and more work at the firewall etc.
>
> You can just allow some ip addresses of your provider to connect, not?
> Nothing outside world.



Yes, you all want me to open ports. I'm sorry guys, but I won't budge:

1) Opening a port means reconfiguring the firewall. You may find it funny, but some non-profits have no firewall, just a standard ADSL router. The 
ones that the telecom company provides often has no IP filtering abilities.


2) I will not expose an SMTP server to the outside world. I will not install in, or advise to, a small business a piece of software that craves for 
attention (patch me, patch me!).


3) Of course I can ask the current ISP. And they may comply. But how about the 
next one?

4) Of course I can filter my provider's IP in some Linux firewall. But then the provider will change its setup and won't tell me. Or I will not have 
time to modify the configuration. Or the next person will not have time just this week.


5) There is really no need. A multidrop / "catch all" mailbox should work fine. And it is a pretty standard feature in all ISPs I know of. Many people 
are using this kind of setup.


It's only that it is hard to learn, because there is no single, complete tutorial for this kind of setup that I have found yet. But I am collecting more 
info, so maybe I will end up writing one myself.


6) Even if it does not make sense, I want to learn how to do it. Just for fun.

You probably mean it well, but if that is all the advice you can give me, it is 
not really helping!

I really still think that you should not advise other people to expose servers on the Internet if there is not really a _very_ good reason, especially 
for small businesses or volunteer-driven clubs or charities. The only good reasons I found yet are for SSH and OpenVPN. Anything else is a "no go" in 
this kind of environment.


Regards,
  rdiez


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Mihai Badici
Your approach is ok but is more complicated. That's why I suggested this 
setup, which is simplest but indeed need a little help from your 
provider ( for no matter which provider, in fact).


On 10/26/20 4:16 PM, R. Diez wrote:


>> Why don't you configure all stuff internally and ask your provider to relay
>> the e-mails from and to you via "smart relay"?  You will communicate 
>> only via smtp and only with your provider,
>>
>> [...]
>
> When you are a small business or a volunteer-run club or charity, you 
> don't ask your provider. You have no leverage. You may not even be 
> able to change provider so easily.
>
> Besides, the way you suggest means opening a SMTP port to the outside 
> world. A security risk and more work at the firewall etc.
>
> From what I gathered to date, there should be nothing wrong with 
> collecting e-mails from a catch-all/multidrop POP3/IMAP4 mailbox, so I 
> will carry on pursuing this method.
>
> Regards,
>   rdiez



RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Marc Roos
> I too would strongly advise you to use Google Workspace (the recent 
> new name for G Suite, previously known as Google Apps). 
> It's cheap, very reliable, and has all features you can dream of, 
> including an autoresponder.
> It's unrealistic to think that it's possible to beat a service that 
> costs a mere USD 6 / user / month (and is free for nonprofits!).

I would not advice any company that is continuously being fined for 
breaking the law.






Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Filip Hajný
> 26. 10. 2020 v 15:12, R. Diez :
> 
> Thanks for the hint. I initially discarded Mailcow because of this:
> 
> "mailcow: dockerized comes with multiple containers"
> 
> The installation instructions mention that Docker Compose is required. Not 
> long ago I learnt enough to launch one Docker container. I could be convinced 
> to use a dockerised application, but multiple containers and Docker Compose? 
> I have a feeling that Mailcow is not really designed to run on premises in a 
> small business or a volunteer-based club or charity.

Not sure I understand, you don’t have to be a rocket scientist to run 
docker-compose (unlike Kubernetes maybe). I’m running it on a €5/mo 4G VM with 
Hetzner (plus some storage). It would run on just about any server you might 
have running in your office or your attic at home, and the guys have it all 
scripted up with a fancy GUI.

-F

Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Mihai Badici



On 10/26/20 4:16 PM, R. Diez wrote:


>> Why don't you configure all stuff internally and ask your provider to relay
>> the e-mails from and to you via "smart relay"?  You will communicate 
>> only via smtp and only with your provider,
>>
>> [...]
>
> When you are a small business or a volunteer-run club or charity, you 
> don't ask your provider. You have no leverage. You may not even be 
> able to change provider so easily.
>
> Besides, the way you suggest means opening a SMTP port to the outside 
> world. A security risk and more work at the firewall etc.
>
> From what I gathered to date, there should be nothing wrong with 
> collecting e-mails from a catch-all/multidrop POP3/IMAP4 mailbox, so I 
> will carry on pursuing this method.
>
> Regards,
>   rdiez


You will open the smtp port only to your provider.  The provider will 
receive mails for your domain and will send your mails for outside 
world. He can relay  them to you on an arbitrary port you can open only 
for that server.  You may have right you can't ask him this kind of 
setup but if they already run an e-mail server ( and most of them 
actually do that) it is not such a big effort to add two lines in their 
server config, it cost nothing to  ask :) That will allow you to run a 
complete mail suite almost as in the "real world".






RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Marc Roos
 

> When you are a small business or a volunteer-run club or charity, you 
> don't ask your provider. 
> You have no leverage. You may not even be able to change provider so 
> easily.

Just ask, I will bet they do it. They do not need to configure that much 
even I think. By default smtp servers are queueing mail for down hosts.




Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread lists
I assure you each IP address has only one reverse pointer at Digital Ocean. I 
know this because I set up the reverse pointer myself. 





  Original Message  


From: m.r...@f1-outsourcing.eu
Sent: October 26, 2020 4:41 AM
To: li...@lazygranch.com; s...@ketola.io
Cc: build+dove...@de-korte.org; dovecot@dovecot.org
Subject: RE: Looking for a guide to collect all e-mail from the ISP mail server



you should ask your ip provider to set a proper reverse lookup for you.
If I would get a lot of spam from upcloud.host ips, I would also
consider blocking upcloud.host reverse dns lookups. If it is your ip, it
is an easy request to have it changed.



-Original Message-
From: Sami Ketola [mailto:s...@ketola.io]
Sent: Monday, October 26, 2020 11:22 AM
To: lists
Cc: Arjen de Korte; Dovecot Mailing List
Subject: Re: Looking for a guide to collect all e-mail from the ISP mail
server



On 26. Oct 2020, at 11.36, lists  wrote:

Actually the reverse pointer doesn't have to match. In fact this is
impossible if you are setting up virtual accounts on one server for
different domains. You just need to have a reverse pointer.

Most email servers look to see if the reverse pointer has a "dyn"
in it and blocks those.




Also your own email server is not behaving nicely:

: host lazygranch.com[198.199.119.111] said: 500
5.7.1
   <83-136-254-93.uk-lon1.upcloud.host[83.136.254.93]>: Client host
rejected:
   eat a bag of dicks (in reply to RCPT TO command)

and for that reason I have blacklisted you from any help requests. You
may do the same whatever you are telling me to do.

Sami





RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Marc Roos


> Besides, the way you suggest means opening a SMTP port to the outside 
> world. A security risk and more work at the firewall etc.

You can just allow some ip addresses of your provider to connect, not? 
Nothing outside world.






Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread R. Diez




> Why don't you configure all stuff internally and ask your provider to relay
> the e-mails from and to you via "smart relay"?  You will communicate only 
> via smtp and only with your provider,
>
> [...]

When you are a small business or a volunteer-run club or charity, you don't ask your provider. You have no leverage. You may not even be able to 
change provider so easily.


Besides, the way you suggest means opening a SMTP port to the outside world. A 
security risk and more work at the firewall etc.

From what I gathered to date, there should be nothing wrong with collecting e-mails from a catch-all/multidrop POP3/IMAP4 mailbox, so I will carry on 
pursuing this method.


Regards,
  rdiez



Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread R. Diez




> Have a look at Mailcow too, it comes with almost everything.
> I’ve been running it for a year now, after many years of using
> a self-assembled stack, and it’s a bliss.


Thanks for the hint. I initially discarded Mailcow because of this:

"mailcow: dockerized comes with multiple containers"

The installation instructions mention that Docker Compose is required. Not long ago I learnt enough to launch one Docker container. I could be 
convinced to use a dockerised application, but multiple containers and Docker Compose? I have a feeling that Mailcow is not really designed to run on 
premises in a small business or a volunteer-based club or charity.




> I have it coupled with Amazon SES for some domains that run mailing lists.
> That’s a cheap option if you want to offload the sender
> reputation problem to someone else.

> [...]
> So if you want host your vm somewhere, choose something that is not cheap
> and not big. Spammers more most likely to choose cheap.

Yes, I gather that you guys want me to expose ports and use the cloud. But I 
will resist you all to the end! 8-)

Regards,
  rdiez



RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Marc Roos


> email does not get silently dropped or moved to spam when working with 
> gmail.

Gmail is dropping email on purpose? 







Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread lists
If you are using a "dot host" in your TLD you most certainly will be considered spam. Now I understand why you have Gmail problems.

I have a number of TLDs I reject because they are known to be used by spammers. I never get listed as spam by Gmail.

From: s...@ketola.io
Sent: October 26, 2020 3:22 AM
To: li...@lazygranch.com
Cc: build+dove...@de-korte.org; dovecot@dovecot.org
Subject: Re: Looking for a guide to collect all e-mail from the ISP mail server

On 26. Oct 2020, at 11.36, lists  wrote:

Actually the reverse pointer doesn't have to match. In fact this is impossible if you are setting up virtual accounts on one server for different domains. You just need to have a reverse pointer.

Most email servers look to see if the reverse pointer has a "dyn" in it and blocks those.

Also your own email server is not behaving nicely:

: host lazygranch.com[198.199.119.111] said: 500 5.7.1
   <83-136-254-93.uk-lon1.upcloud.host[83.136.254.93]>: Client host rejected:
   eat a bag of dicks (in reply to RCPT TO command)

and for that reason I have blacklisted you from any help requests. You may do the same whatever you are telling me to do.

Sami

RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Marc Roos


you should ask your ip provider to set a proper reverse lookup for you. 
If I would get a lot of spam from upcloud.host ips, I would also 
consider blocking upcloud.host reverse dns lookups. If it is your ip, it 
is an easy request to have it changed.

 

-Original Message-
From: Sami Ketola [mailto:s...@ketola.io] 
Sent: Monday, October 26, 2020 11:22 AM
To: lists
Cc: Arjen de Korte; Dovecot Mailing List
Subject: Re: Looking for a guide to collect all e-mail from the ISP mail 
server



On 26. Oct 2020, at 11.36, lists  wrote:

Actually the reverse pointer doesn't have to match. In fact this is 
impossible if you are setting up virtual accounts on one server for 
different domains. You just need to have a reverse pointer. 

Most email servers look to see if the reverse pointer has a "dyn" 
in it and blocks those. 




Also your own email server is not behaving nicely:

: host lazygranch.com[198.199.119.111] said: 500 
5.7.1
   <83-136-254-93.uk-lon1.upcloud.host[83.136.254.93]>: Client host 
rejected:
   eat a bag of dicks (in reply to RCPT TO command)

and for that reason I have blacklisted you from any help requests. You 
may do the same whatever you are telling me to do.

Sami





RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Marc Roos


There was just a recent discussion on the spamassassin mailing list 
where also amazon was mentioned, and from what I can recollect and my 
experience, outgoing amazon mail has a bad reputation. So if you want 
host your vm somewhere, choose something that is not cheap and not big. 
Spammers more most likely to choose cheap.



-Original Message-
Cc: N; dovecot@dovecot.org
Subject: Re: Looking for a guide to collect all e-mail from the ISP mail 
server

26. 10. 2020 v 12:15, R. Diez :
> 
> I would be happy to take a pre-packaged mail server solution like 
> iRedMail which includes RoundCube or whatever.

Have a look at Mailcow too, it comes with almost everything. I've been 
running it for a year now, after many years of using a self-assembled 
stack, and it's a bliss.

I have it coupled with Amazon SES for some domains that run mailing 
lists. That's a cheap option if you want to offload the sender 
reputation problem to someone else.

-F



Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Filip Hajný
26. 10. 2020 v 12:15, R. Diez :
> 
> I would be happy to take a pre-packaged mail server solution like iRedMail 
> which includes RoundCube or whatever.

Have a look at Mailcow too, it comes with almost everything. I’ve been running 
it for a year now, after many years of using a self-assembled stack, and it’s a 
bliss.

I have it coupled with Amazon SES for some domains that run mailing lists. 
That’s a cheap option if you want to offload the sender reputation problem to 
someone else.

-F

Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread R. Diez




> What you are looking for would be a very advanced setup

> [...]

I don't think so. But we'll see!

I would be happy to take a pre-packaged mail server solution like iRedMail 
which includes RoundCube or whatever.

I just need a "easy", practical guide to reconfigure it to 1) download e-mails from a multidrop, and 2) relay external e-mail to the ISP's SMTP 
server. Well, at least saying it like that does not sound hard. 8-)




> More importantly, most ISPs are very limited in the way of support.

> [...]

While that assertion is generally true, most ISPs I have seen do get the basic e-mail service right. All have a kind of "catch all" e-mail address. 
Level of service is normally fine for a small business. If it is not, you can always change ISP.


Hardware costs are not a problem. Most small companies I have seen have a file server sitting idle most of the time. Creating a VM with VirtualBox or 
KVM is relatively easy.


Backing the mail server up is easy too: you just copy the VM as a big file. In a small business you may need a few Gigabytes per year if you want to 
keep all e-mails.


I have even written a script that stops a KVM virtual machine every day at 4 am, backs the big file up to a NAS, and then restarts the VM. OK, I am not 
actually using it, and there is room for improvement, but the basic idea would work. If the server breaks, you have some downtime and you lose some 
data, but not too much. Most small businesses have more downtime and more data loss for other reasons.


Retention is problematic anyway even if you use an external provider. With an external provider you also have to consider data protection issues. 
Small businesses are often exempt from difficult legal requirements (but I am not a lawyer either).




> The server would still need to be accessible publicly for email to be routed to
> it.

That's not the case. It hasn't been for an Exchange Server with "POP3 Connector" that I have seen. And it will not be the case with a Dovecot that 
fetches e-mail from the ISP over multidrop.



> [...]
> things unexpectedly and you still have maintenance regarding deliverability
> (i.e. reputation, dkim/spf/dmarc) and will still be paying additional


Not applicable. Reputation, SPF, etc. is handled by the ISP. Those are standard 
things, a commodity nowadays.



> [...]
> Webform attacks are rising so there would


Not applicable. No web interface exposed. Only accessible over a VPN connection.


> [...]
> This includes the workaround.org guide which you'll inevitably run across.
> That guide was designed for a personal server, it's a good step forward
> but there are many more requirements needed for business.


That is true. On the other hand, you may be overestimating the needs of a small 
business. Some of them still use Hotmail addresses!



> [...]
> Stakeholders will need to include all emails related to it at the final
> signing.
> [...]

I am thinking of a small business here, where most things are rather more informal. Something along the lines of "I would do it this way, but if you 
need something professional, I am out of my depth, because I am not actually an admin at all, you know". That's how real life often works. 8-)


In other words, I am looking for a workaround.org guide for multidrop. Just for 
fun!

Regards,
  rdiez
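
The multidrop setup discussed in this thread depends on recovering each message's envelope recipient after the ISP has put everything into one mailbox. The Python sketch below is an added example, not code from any poster or from fetchmail or Dovecot; the domain, user names and sample messages are constructed, and which envelope header a given ISP writes is an assumption to verify on real fetched mail.

```python
"""Route mail fetched from one catch-all (multidrop) ISP mailbox to local users."""
from email import message_from_string
from email.utils import getaddresses, parseaddr

LOCAL_DOMAIN = "example.com"      # assumption: the business's mail domain
LOCAL_USERS = {"alice", "bob"}    # assumption: mailboxes on the internal server
FALLBACK = "postmaster"           # undecidable mail goes to a human, never back out
# Headers in which an ISP's MTA may record the SMTP envelope recipient.
# Which of these your ISP writes, if any, has to be checked on real mail.
ENVELOPE_HEADERS = ("Delivered-To", "X-Original-To", "Envelope-To", "X-Envelope-To")


def local_user(address):
    """Return the local user for an address in LOCAL_DOMAIN, else None."""
    _, addr = parseaddr(address)
    user, sep, domain = addr.lower().rpartition("@")
    if sep and domain == LOCAL_DOMAIN and user in LOCAL_USERS:
        return user
    return None


def route(raw_message):
    """Return (mailbox, reason) for one message taken from the catch-all."""
    msg = message_from_string(raw_message)
    saw_envelope = False
    for name in ENVELOPE_HEADERS:
        values = msg.get_all(name, [])
        if not values:
            continue
        saw_envelope = True
        # Trace headers are prepended, so the first value is the newest hop.
        user = local_user(values[0])
        if user:
            return user, "envelope:" + name
    # Never guess from To/Cc and never re-send to an outside address:
    # both are how multidrop setups leak Bcc mail or create mail loops.
    return FALLBACK, ("envelope-not-local" if saw_envelope else "no-envelope-header")


def guess_from_to_cc(raw_message):
    """The unsafe shortcut: local users named in To/Cc (shown for contrast)."""
    msg = message_from_string(raw_message)
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {user for user in (local_user(addr) for _, addr in pairs) if user}


def sample(*headers):
    """Build a constructed test message from header lines."""
    return "\n".join(headers) + "\nSubject: test\n\nbody\n"


# Constructed messages, as they might sit in the catch-all mailbox.
SAMPLES = {
    "direct": sample("Delivered-To: alice@example.com",
                     "From: customer@client.example", "To: alice@example.com"),
    # bob was Bcc'd: his address appears only in the envelope header.
    "bcc": sample("Delivered-To: bob@example.com",
                  "From: customer@client.example", "To: alice@example.com"),
    # ISP delivered to its own mailbox name but kept the original recipient.
    "catchall": sample("Delivered-To: mailbox123@isp.example",
                       "X-Original-To: bob@example.com",
                       "From: customer@client.example", "To: sales@example.com"),
    # Mailing-list mail with no envelope header at all.
    "list": sample("From: someone@client.example", "To: list@lists.example"),
    # Envelope header present but for a domain that is not ours.
    "foreign": sample("Delivered-To: stranger@other.example",
                      "From: x@client.example", "To: alice@example.com"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        mailbox, reason = route(raw)
        guess = sorted(guess_from_to_cc(raw)) or ["(nobody)"]
        print(f"{label:9} -> {mailbox:10} {reason:26} To/Cc guess: {', '.join(guess)}")
```

The "bcc" and "foreign" samples show why guessing from To/Cc misdelivers; fetchmail's own multidrop mode has an `envelope` option for naming the header to trust.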


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread R. Diez




> You look spammy if you don't have SPF or DKIM, and hopefully both.
> [...]

I don't want to worry about spam, SPF, DNS or the lot. That is what the ISP is there for. Most of them actually do a pretty good job for very little 
money in my experience. If not, you can always switch to another ISP.




> Regarding geofencing, look back at my post.
> [...]

Geofencing is way too complicated. You would need a real e-mail consultant for 
that. 8-)

It is far easier to install OpenVPN, in order to avoid exposing anything else internal on the Internet. Then it is like the user is inside the LAN. 
There is nothing else to adjust in the mail server or anywhere else.




> The reason I run my own email server is I got hacked when using a hosting
> service.
> [...]

I can understand that you got hacked. A nasty experience. But, if you think about it, your ISP got hacked, not you. If you open ports, your server may 
get hacked. And then the hacker is inside your network.


Hack attacks like yours are probably the reason why the European Union is 
forcing nowadays a kind of two-factor authentication for banks, PayPal etc.

The hacker did not change the e-mail password so that you do not realise immediately that you got hacked, and maybe immediately cancel your credit 
cards etc.


There is no way most part-time admins like me can provide better security than an ISP. Even paying for a more professional service is probably not 
worth it. It's an economic weighing exercise: how many get hacked, and what protection costs. I would start by securing PayPal etc. better, by using 
two-factor authentication like SMS or a separate mobile App to approve payments.




> One thing you will learn about email servers is there are many programs to
> chain together.
> [...]

That is why I wanted the ISP to take over spam and virus detection. Most do a 
reasonable job, better than I could ever do anyway.


Best regards,
  rdiez


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread R. Diez




>>> That way your users can create their vacancies with the ISP portal,
>>
>> But then internal e-mails need to go out to the ISP,
>> don't they? Because, if internal e-mails get delivered locally, the
>> vacation autoresponses on the ISP will not trigger, will they?
>
> Hello R, I only wrote about the incoming side - of course, you also want to
> send mail to remote users, and that includes users with an address of
> …@myisp.com. They will go to the ISP and be fetched to local from there.



That is not what I had in mind. My users will not go to the ISP and fetch their e-mails from there. They will always go to my internal mail server. If 
a user is on the road, he/she will connect with OpenVPN first.


Of course, immediately receiving new e-mails without a VPN connection would be more comfortable. But that level of comfort needs a real mail server 
consultant then. 8-)



>> The trouble is, with that configuration, if the Internet link goes down,
>> internal e-mail stops working too.


> And if internet's down, e-mail will stop working anyways, so why bother?
> Even Facebook/WhatsApp will stop working then!



I have seen Microsoft Exchange setups that carried on working locally if the Internet connection was down. If Microsoft can do that, I want to have it 
too. 8-)


Whatsapp (which you shouldn't actually use for confidential business 
communications) may continue working with your mobile phone data connection.



> With some tinkering, you can configure your local relay smtp to deliver those
> locally, but if your people do not talk about their vacancies over the
> water cooler, then they will miss that reminder then.



People are not that careless even in small businesses, where there is no water cooler at all. Most of them do set up autoresponders, so that customers 
know. Small businesses tend to care about customers more than big ones. The idea is that those autoresponders should also work internally.


I just learnt that you can install a "Managesieve server" plug-in for forwarding and autoresponders. That would be the way to go then, instead of 
using the autoresponder at the ISP.



Best regards,
  rdiez



Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Sami Ketola


> On 26. Oct 2020, at 11.36, lists  wrote:
> 
> Actually the reverse pointer doesn't have to match. In fact this is 
> impossible if you are setting up virtual accounts on one server for different 
> domains. You just need to have a reverse pointer. 
> 
> Most email servers look to see if the reverse pointer has a "dyn" in it and 
> blocks those. 
> 

Also your own email server is not behaving nicely:

<li...@lazygranch.com>: host lazygranch.com [198.199.119.111] said: 500 5.7.1
   <83-136-254-93.uk-lon1.upcloud.host[83.136.254.93]>: Client host rejected:
   eat a bag of dicks (in reply to RCPT TO command)

and for that reason I have blacklisted you from any help requests. You may do 
the same whatever you are telling me to do.

Sami



Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread lists
I have used this person's blog for a few operating systems.

https://blog.andreev.it/?p=1975

Poke around for the correct OS. I only set up dovecot and postfix. Keep it 
simple. You then need opendkim. I think opendkim checks the incoming mail. 
There is another procedure to sign your mail.

When you think it works, use
https://dkimvalidator.com/

Also go to mxtools to verify you haven't created an open relay.

Regarding LetsEncrypt, I use the bash script.
https://github.com/acmesh-official/acme.sh
This saves you Python headaches. 




  Original Message  


From: michael.schumac...@pamas.de
Sent: October 26, 2020 1:09 AM
To: rdiezmail-2...@yahoo.de; p...@myzel.net
Cc: dovecot@dovecot.org
Subject: Re: Looking for a guide to collect all e-mail from the ISP mail server


Hello R.,

Sunday, October 25, 2020, 11:12:48 PM, you wrote:

RD> I was hoping that there would be a complete mail server setup
RD> guide somewhere for this kind of setup. But I guess I'll have to piece all
RD> these information snippets together.

There are plenty of guides available. I don't know your mother tongue,
but seeing your last name, I assume you may be speaking German. Take a
look at these German language guides:

https://www.it-management-kirchberger.at/manuals-tutorials/server-centos-7/postfix-mailserver-vimbadmin/postfix-amavisd-new-clamav-spamassassin.html
https://www.dokuwiki.tachtler.net/doku.php
https://dokuwiki.nausch.org/doku.php/centos:mail_c7:spam_6

I am sure others can provide other language guides as well.

best regards
---
Michael Schumacher


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Sami Ketola



> On 26. Oct 2020, at 11.08, lists  wrote:
> 
> I have no problems with Gmail from Digital Ocean. But I have both spf, DKIM, 
> DMARC and a reverse pointer. You need to not look spammy. 
> 
> One advantage to using a VPS is your IP is unique. That is you don't share it 
> with a spammer. Not so with hosted services. 
> 

All that is checked. SPF yes, DKIM yes, DMARC yes, personal ip address space 
and nothing spammy in the emails.
Still randomly emails are silently dropped or moved to spam. Sometimes I can 
send an email without problems, sometimes identical email in terms of mail 
structure is silently dropped.

There is just no way to guarantee a delivery to gmail.

Sami



Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Sami Ketola



> On 26. Oct 2020, at 11.02, Arjen de Korte  wrote:
> 
> Quoting Sebastian Nielsen:
> 
>> Because when I email to friends that are using gmail, my mail ends up in
>> spam unless  my friends put me in whitelist. Seems to vary however, and
>> seems to get better with time.
> 
> In order to prevent ending up in spam in GMail, it is necessary to have 
> working DKIM and/or SPF for your messages and forward- and reverse DNS 
> records for your mailserver match.

Even that is not enough. Currently there is no way to guarantee that your email 
does not get silently dropped or moved to spam when working with gmail.

Sami



Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Michael Schumacher
Hello R.,

Sunday, October 25, 2020, 11:12:48 PM, you wrote:

RD> I was hoping that there would be a complete mail server setup
RD> guide somewhere for this kind of setup. But I guess I'll have to piece all
RD> these information snippets together.

There are plenty of guides available. I don't know your mother tongue,
but seeing your last name, I assume you may be speaking German. Take a
look at these German language guides:

https://www.it-management-kirchberger.at/manuals-tutorials/server-centos-7/postfix-mailserver-vimbadmin/postfix-amavisd-new-clamav-spamassassin.html
https://www.dokuwiki.tachtler.net/doku.php
https://dokuwiki.nausch.org/doku.php/centos:mail_c7:spam_6

I am sure others can provide other language guides as well.

best regards
---
Michael Schumacher




Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Mihai Badici



Why don't you configure all stuff internally and ask your provider to 
relay the e-mails from and to you via "smart relay"?  You will 
communicate only via smtp and only with your provider, and you can use a 
nice open-source bundle ( dovecot is mandatory because you wrote on that 
list :) ) in your LAN.










  Original Message  


From: rdiezmail-2...@yahoo.de
Sent: October 25, 2020 10:57 AM
To: dovecot@dovecot.org
Subject: Looking for a guide to collect all e-mail from the ISP mail server


Hi all:

I am evaluating mail server solutions for a small business. The trouble is, I 
am only a part-time admin and a newbie to mail servers.

Most guides I have seen are rather unrealistic: they encourage you to expose 
your e-mail server to the Internet, and hope that you have the resources
to keep it patched up.

I would rather have an internal mail server that collects e-mails from a standard ISP 
mail server.  It is like the old "POP3 Connector" that came with
Microsoft Exchange.  Sometimes, there is a mailbox per user on the ISP, and a 
corresponding one on the local server.  Other times, there is a single
"catch all" or "multidrop" mailbox on the ISP.

Users can still access their internal mailboxes from outside through an OpenVPN 
connection.  The goal is that only VPN, and perhaps SSH, are
accessible from the outside.  We do not need to arrange any special SMTP 
configuration with the ISP either.

This kind of mail server setup is rather different to the standard 
configuration. You do not normally need your own antivirus and spam filter, and 
you do not need to configure SSL certificates, MX or SPF DNS records. Most ISP 
handle that correctly and economically.  Internal e-mail does not leave
your LAN, and your internal SMTP server is just a relay for the external ISP 
SMTP server.

Furthermore, most guides do not explain how to setup an autoresponder ("I am on 
holiday until xxx") so that users can enable theirs with the mouse.
Editing configuration files over SSH is not really an option for normal users. 
This detail is important because it could be the only thing I need
above standard e-mail. Further groupware features can be seen as nice but 
ultimately unnecessary luxury, and a basic shared calendar can be
accomplished with a separate server like https://radicale.org/ and a calendar 
client like one built into Thunderbird. Hopefully, that is all I would
need for a small business.

Can anyone point me to the kind of guide I need? Failing that, I would need 
information or examples about using fetchmail, getmail or similar software
with Dovecot.  Good or bad experiences from you guys would also help.

Each of those tools has a detailed man page, but there are many options and 
ways with different advantages and disadvantages.  I would need a simpler
guide to get started.

I am aware that there are pre-packaged mail server solutions that would perhaps 
bring an easy-to-use autoresponder, but I haven't seen one yet
where you could tick a box like "this server is only internal and collects mail from 
the ISP server" during installation. Nor have I seen instructions
about reconfiguring the mail server for my ISP mail scenario.

I am prepared to learn more and write my own Perl scripts and/or installation 
guide, but it would be stupid to waste time if something easy already
exists.  After all, the setup I am describing (external ISP mail server + 
internal mail server) is not so weird.

Thanks in advance,
    rdiez


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-26 Thread Peter Blair
At 26 October, 2020 Sebastian Nielsen wrote:
> 
> >> why not just point them at a hosting service like google apps, and let
> google keep things up to date?

Oh they most certainly do :)

> Costs money, and also the problem is that gmail imposes heavy spam filters
> and "reputation blocks" meaning smaller providers with low email volumes,
> are put in the spam folder, even if they never send spam, just because their
> email volume is so low (ergo, they must prove they don't spam before getting
> out of spam folder)

OP is trying to come up with a solution to handle transactional email
within members of the office and some vendors/clients, not bulk email
like you're describing.  As for "costs money", well everything in life
does.  You can't get a branch office's email system setup for free.

> Another thing is that you cannot impose IP restrictions when using Google
> Apps, or have SSO with trusted access from inside the office. (for example -
> scan your badge at the office door, your personal computer is automatically
> logged on and you get access to everything).

Eh, sure -- I suppose if the country you're operating in doesn't have
open communications with google (
https://transparencyreport.google.com/traffic/overview ) then yeah,
you're gonna have a hard time.  But this seems like a stretch for an
argument against using a hosting provider.

> With locally hosted servers, of course you have to keep them updated. Most
> linux distributions can keep them updated automatically.

My question was directed at OP as it sounded like they were coming in to
set something up once then moving on in life.  I wouldn't say that _any_
major linux distro updates automatically.  Rolling OS distros like arch
are constantly getting wedged and requiring a bit of manual attention to
nudge things along.  Distros like fedora can sorta kinda run with a `dnf
upgrade` happening in a cron if you like to... I guess.  Maybe something
like RHEL can be set and forgotten, but if you're paying for a RHEL
license then you're likely not going to abandon the host.


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-25 Thread Peter Blair
At 25 October, 2020 R. Diez wrote:
> 
> I am too afraid, I would not expose any such port on the Internet. Who knows
> if the mail server stays months without an update. If I am to recommend or
> implement any such mail server solution to a small business, I would insist
> that the e-mail server is not exposed at all on the Internet.

Setting and forgetting any server/service to run unpatched for months is
generally a bad idea.  I presume that you won't be maintaining this for
them long term -- why not just point them at a hosting service like
google apps, and let google keep things up to date?


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-25 Thread lists
You look spammy if you don't have SPF or DKIM, and hopefully both. Your email 
will either be bounced or sent to a spam folder. You need a reverse pointer as 
well, but that shouldn't be an issue. The situation is actually worse than it 
sounds. ATT/SBC needs to whitelist you by IP if you are using a VPS. 
Spectrum/Charter just plain blocks many VPS with no recourse.

Regarding geofencing, look back at my post. I leave port 25 open to the world. 
I can receive email from any country. Using submission port 587 means you can 
geofence from where your employee sends and receives email. It does not affect 
your customers since they use port 25.

The reason I run my own email server is I got hacked when using a hosting 
service. The hacker used a vulnerability in RoundCube and could send email as 
me. My PayPal account password was then changed. The hacker was in Morocco. I'm 
sure Morocco is a fine country but I don't plan on visiting it and thus don't 
need to access my email from there. Note the hacker could have changed my email 
password too but didn't. To top it off, I don't even use RoundCube. Never use a 
 browser for email.

When I set up my own email / webserver I made it a point to not use any GUI 
control panel. If there is no hook to change a password from a control panel 
then it won't happen. You reduce the attack surface. All passwords are SHA512.

You geofence all email ports except 25.

I also have a VPS using openvpn but it is on a different IP. That is a tunnel 
out of it to use the internet. Now I think for what you want to do is to have 
openvpn show up as the local host. What you might want to do is join the 
postfix users group. I wouldn't bring up this kind of proxied email scheme you 
want to set up. Rather just ask if it is possible to set up postfix/dovecot so 
that the user who will always be on a VPN can send and receive email. That is I 
think it will boil down to permit local host and nothing else in certain 
places. There are guru status users there.

One thing you will learn about email servers is there are many programs to 
chain together. However think of light bulbs in series. The more in the chain, 
the more likely it is to fail. I dropped SpamAssassin and amavisd due to poor 
reliability. That was when I used FreeBSD. I now run CentOS but just don't 
bother with those extra programs. I use RBLs for spam blocking. I use my brain 
for antivirus. Antivirus isn't all that good anyway. The key with antivirus is 
at what point in time do they recognize the file is a virus. I send all my 
malware links to virustotal.com and maybe two will recognize the link goes to 
malware. 




  Original Message  


From: rdiezmail-2...@yahoo.de
Sent: October 25, 2020 3:25 PM
To: li...@lazygranch.com
Cc: dovecot@dovecot.org
Subject: Re: Looking for a guide to collect all e-mail from the ISP mail server



> You need SPF and DKIM for your outgoing email to be accepted.
> [...]

I don't understand why that is the case (but keep in mind that I am a newbie).

Is it not possible to set up some internal SMTP server that only relays the 
e-mails to the external ISP SMTP server? The internal SMTP server would
then act like a normal user's Thunderbird.

At first I thought that the internal SMTP server would need to know the password 
for each mailbox user. But then I asked, and the ISP SMTP server
allegedly accepts any source e-mail address, as long as you are using one 
e-mail account that is valid in the domain. I wonder if that is standard
practice.


> My idea of a secure email server is to use submission port 587.
> Expose port 25 to the world and aggressively filter all remaining
> email ports with a firewall. And I mean aggressive. Geographically filter
> so only countries where your users reside can send and retrieve email.
> Block major hosting IP space.

Geo blocking can be problematic. Depending on the small business, some 
customers and suppliers may sit in China or some other geographical area you
would normally block.

I am too afraid, I would not expose any such port on the Internet. Who knows if 
the mail server stays months without an update. If I am to recommend
or implement any such mail server solution to a small business, I would insist 
that the e-mail server is not exposed at all on the Internet.

A web interface etc. is not a problem: I just connect with a VPN and bypass 
most external security issues. If you are the admin, you can also forward
the web interface over an SSH connection.

Best regards,
   rdiez


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-25 Thread Peter

Hello R,

reply inline below:

On 25.10.20 at 23:12, R. Diez wrote:




>> That way your users can create their vacancies with the ISP portal,
>> [...]
>
> That's a good idea. But then internal e-mails need to go out to the ISP,
> don't they? Because, if internal e-mails get delivered locally, the
> vacation autoresponses on the ISP will not trigger, will they?
>
> The trouble is, with that configuration, if the Internet link goes down,
> internal e-mail stops working too.


Hello R, I only wrote about the incoming side - of course, you also want 
to send mail to remote users, and that includes users with an address of 
…@myisp.com. They will go to the ISP and be fetched to local from there.


And if internet's down, e-mail will stop working anyways, so why bother? 
Even Facebook/WhatsApp will stop working then!


With some tinkering, you can configure your local relay smtp to deliver 
those locally, but if your people do not talk about their vacancies over 
the water cooler, then they will miss that reminder then.


> I was hoping that there would be a complete mail server setup guide
> somewhere for this kind of setup. But I guess I'll have to piece all
> these information snippets together.




Sorry, the world is too big :)

--
peter


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-25 Thread R. Diez




> You need SPF and DKIM for your outgoing email to be accepted.
> [...]

I don't understand why that is the case (but keep in mind that I am a newbie).

Is it not possible to set up some internal SMTP server that only relays the e-mails to the external ISP SMTP server? The internal SMTP server would 
then act like a normal user's Thunderbird.


At first I thought that the internal SMTP server would need to know the password for each mailbox user. But then I asked, and the ISP SMTP server 
allegedly accepts any source e-mail address, as long as you are using one e-mail account that is valid in the domain. I wonder if that is standard 
practice.




> My idea of a secure email server is to use submission port 587.
> Expose port 25 to the world and aggressively filter all remaining
> email ports with a firewall. And I mean aggressive. Geographically filter
> so only countries where your users reside can send and retrieve email.
> Block major hosting IP space.


Geo blocking can be problematic. Depending on the small business, some customers and suppliers may sit in China or some other geographical area you 
would normally block.


I am too afraid, I would not expose any such port on the Internet. Who knows if the mail server stays months without an update. If I am to recommend 
or implement any such mail server solution to a small business, I would insist that the e-mail server is not exposed at all on the Internet.


A web interface etc. is not a problem: I just connect with a VPN and bypass most external security issues. If you are the admin, you can also forward 
the web interface over an SSH connection.


Best regards,
  rdiez


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-25 Thread R. Diez




> Your goal does not sound weird.


OK, thanks for the confirmation.



> The most painless way might be to fetch incoming messages from
> the ISP's IMAP and deliver them to your local dovecot.
> A shortened fetchmailrc would read:
>
> poll remote.server …
>    user …, password …
>    folder 'INBOX'
>    fetchall
>    idle
>    ssl
> mda "HOME=%T /usr/bin/sudo -u %T /usr/lib/dovecot/deliver"


Brilliant, thanks for the info.



> That way your users can create their vacancies with the ISP portal,
> [...]

That's a good idea. But then internal e-mails need to go out to the ISP, don't they? Because, if internal e-mails get delivered locally, the vacation 
autoresponses on the ISP will not trigger, will they?


The trouble is, with that configuration, if the Internet link goes down, 
internal e-mail stops working too.

I was hoping that there would be a complete mail server setup guide somewhere for this kind of setup. But I guess I'll have to piece all these 
information snippets together.


Regards,
  rdiez



Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-25 Thread lists
You need SPF and DKIM for your outgoing email to be accepted. 

My idea of a secure email server is to use submission port 587. Expose port 25 
to the world and aggressively filter all remaining email ports with a firewall. 
And I mean aggressive. Geographically filter so only countries where your users 
reside can send and retrieve email. Block major hosting IP space. 

How many users will be on the system? If you can handle it, assign all the 
email passwords. This means you need to contact them out of band. I avoid 
cpanel or similar internet access to email settings. I use nothing but ssh to 
maintain my server. 











  Original Message  


From: rdiezmail-2...@yahoo.de
Sent: October 25, 2020 10:57 AM
To: dovecot@dovecot.org
Subject: Looking for a guide to collect all e-mail from the ISP mail server


Hi all:

I am evaluating mail server solutions for a small business. The trouble is, I 
am only a part-time admin and a newbie to mail servers.

Most guides I have seen are rather unrealistic: they encourage you to expose 
your e-mail server to the Internet, and hope that you have the resources
to keep it patched up.

I would rather have an internal mail server that collects e-mails from a 
standard ISP mail server.  It is like the old "POP3 Connector" that came with
Microsoft Exchange.  Sometimes, there is a mailbox per user on the ISP, and a 
corresponding one on the local server.  Other times, there is a single
"catch all" or "multidrop" mailbox on the ISP.

Users can still access their internal mailboxes from outside through an OpenVPN 
connection.  The goal is that only VPN, and perhaps SSH, are
accessible from the outside.  We do not need to arrange any special SMTP 
configuration with the ISP either.

This kind of mail server setup is rather different to the standard 
configuration. You do not normally need your own antivirus and spam filter, and 
you do not need to configure SSL certificates, MX or SPF DNS records. Most ISP 
handle that correctly and economically.  Internal e-mail does not leave
your LAN, and your internal SMTP server is just a relay for the external ISP 
SMTP server.

Furthermore, most guides do not explain how to setup an autoresponder ("I am on 
holiday until xxx") so that users can enable theirs with the mouse.
Editing configuration files over SSH is not really an option for normal users. 
This detail is important because it could be the only thing I need
above standard e-mail. Further groupware features can be seen as nice but 
ultimately unnecessary luxury, and a basic shared calendar can be
accomplished with a separate server like https://radicale.org/ and a calendar 
client like one built into Thunderbird. Hopefully, that is all I would
need for a small business.

Can anyone point me to the kind of guide I need? Failing that, I would need 
information or examples about using fetchmail, getmail or similar software
with Dovecot.  Good or bad experiences from you guys would also help.

Each of those tools has a detailed man page, but there are many options and 
ways with different advantages and disadvantages.  I would need a simpler
guide to get started.

I am aware that there are pre-packaged mail server solutions that would perhaps 
bring an easy-to-use autoresponder, but I haven't seen one yet
where you could tick a box like "this server is only internal and collects mail 
from the ISP server" during installation. Nor have I seen instructions
about reconfiguring the mail server for my ISP mail scenario.

I am prepared to learn more and write my own Perl scripts and/or installation 
guide, but it would be stupid to waste time if something easy already
exists.  After all, the setup I am describing (external ISP mail server + 
internal mail server) is not so weird.

Thanks in advance,
   rdiez


Re: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-25 Thread Peter

Hello R,

Your goal does not sound weird. The most painless way might be to fetch 
incoming messages from the ISP's IMAP and deliver them to your local 
dovecot. A shortened fetchmailrc would read:


poll remote.server …
  user …, password …
  folder 'INBOX'
  fetchall
  idle
  ssl
mda "HOME=%T /usr/bin/sudo -u %T /usr/lib/dovecot/deliver"

That way your users can create their vacancies with the ISP portal, the 
ISP will do availability, antivirus etc. You can even use sieve on 
delivery. Perhaps fetch "Spam" too, if your ISP files it away.


Beware, you have to somehow keep tabs on remote and local usernames. 
Passwords will be different. Local updates should be no problem with a 
reasonable distro, e.g. the dovecot public repo.


Happy becoming a mail server admin!

Peter

On 25.10.20 at 18:56, R. Diez wrote:

Hi all:

I am evaluating mail server solutions for a small business. The trouble 
is, I am only a part-time admin and a newbie to mail servers.


Most guides I have seen are rather unrealistic: they encourage you to 
expose your e-mail server to the Internet, and hope that you have the 
resources to keep it patched up.


I would rather have an internal mail server that collects e-mails from a 
standard ISP mail server.  It is like the old "POP3 Connector" that came 
with Microsoft Exchange.  Sometimes, there is a mailbox per user on the 
ISP, and a corresponding one on the local server.  Other times, there is 
a single "catch all" or "multidrop" mailbox on the ISP.


Users can still access their internal mailboxes from outside through an 
OpenVPN connection.  The goal is that only VPN, and perhaps SSH, are 
accessible from the outside.  We do not need to arrange any special SMTP 
configuration with the ISP either.


This kind of mail server setup is rather different to the standard 
configuration. You do not normally need your own antivirus and spam 
filter, and you do not need to configure SSL certificates, MX or SPF DNS 
records. Most ISPs handle that correctly and economically.  Internal 
e-mail does not leave your LAN, and your internal SMTP server is just a 
relay for the external ISP SMTP server.


Furthermore, most guides do not explain how to set up an autoresponder 
("I am on holiday until xxx") so that users can enable theirs with the 
mouse. Editing configuration files over SSH is not really an option for 
normal users. This detail is important because it could be the only 
thing I need above standard e-mail. Further groupware features can be 
seen as nice but ultimately unnecessary luxury, and a basic shared 
calendar can be accomplished with a separate server like 
https://radicale.org/ and a calendar client like one built into 
Thunderbird. Hopefully, that is all I would need for a small business.


Can anyone point me to the kind of guide I need? Failing that, I would 
need information or examples about using fetchmail, getmail or similar 
software with Dovecot.  Good or bad experiences from you guys would also 
help.


Each of those tools has a detailed man page, but there are many options 
and ways with different advantages and disadvantages.  I would need a 
simpler guide to get started.


I am aware that there are pre-packaged mail server solutions that would 
perhaps bring an easy-to-use autoresponder, but I haven't seen one yet 
where you could tick a box like "this server is only internal and 
collects mail from the ISP server" during installation. Nor have I seen 
instructions about reconfiguring the mail server for my ISP mail scenario.


I am prepared to learn more and write my own Perl scripts and/or 
installation guide, but it would be stupid to waste time if something 
easy already exists.  After all, the setup I am describing (external ISP 
mail server + internal mail server) is not so weird.


Thanks in advance,
   rdiez
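
Added example, not part of the original posts: one way to keep the remote-to-local username mapping from the reply above in a single table and generate the fetchmailrc from it. The account data, the server name and the one-mailbox-per-local-user rule are assumptions of this sketch; the mda line is the one from the reply, and "idle" is left out on the assumption that several mailboxes are polled on an interval.

```python
import os
import re
import stat

# Constructed sample data: ISP mailbox login -> local user owning the Dovecot mailbox.
ACCOUNTS = [
    {"remote": "alice@isp.example", "password": "placeholder-a", "local": "alice"},
    {"remote": "bob@isp.example", "password": "placeholder-b", "local": "bob"},
]

# The local name ends up in "sudo -u %T", so accept only plain account names.
SAFE_LOCAL = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def quote(value):
    """Return value as a double-quoted fetchmail string, refusing control characters."""
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in value):
        raise ValueError("control character in fetchmailrc value")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def render(server, accounts):
    """Build the run control text: one user entry per remote/local pair."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+", server):
        raise ValueError("unexpected server name")
    remotes, locals_ = set(), set()
    lines = [f"poll {server} protocol imap"]
    for acc in accounts:
        remote, local = acc["remote"], acc["local"]
        if not SAFE_LOCAL.fullmatch(local) or local == "root":
            raise ValueError(f"unsafe local user: {local!r}")
        # Assumption of this example: exactly one ISP mailbox per local user.
        if remote in remotes or local in locals_:
            raise ValueError(f"duplicate mapping for {remote!r} / {local!r}")
        remotes.add(remote)
        locals_.add(local)
        lines.append(f"  user {quote(remote)} there with password "
                     f"{quote(acc['password'])} is {quote(local)} here")
        lines.append("    folder 'INBOX' fetchall ssl")
        lines.append('    mda "HOME=%T /usr/bin/sudo -u %T /usr/lib/dovecot/deliver"')
    return "\n".join(lines) + "\n"


def write_rc(path, text):
    """Write the file readable by its owner only (it holds passwords); return its mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        os.fchmod(handle.fileno(), 0o600)  # also tightens a file that already existed
        handle.write(text)
    return stat.S_IMODE(os.stat(path).st_mode)
```
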


RE: Looking for a guide to collect all e-mail from the ISP mail server

2020-10-25 Thread Marc Roos
 
Maybe get something like Zimbra, such solutions also have support that 
you can buy when you need it or don't have time (I guess).



-----Original Message-----
From: R. Diez [mailto:rdiezmail-2...@yahoo.de] 
Sent: Sunday, October 25, 2020 6:57 PM
To: dovecot@dovecot.org
Subject: Looking for a guide to collect all e-mail from the ISP mail 
server

Hi all:

I am evaluating mail server solutions for a small business. The trouble 
is, I am only a part-time admin and a newbie to mail servers.

Most guides I have seen are rather unrealistic: they encourage you to 
expose your e-mail server to the Internet, and hope that you have the 
resources to keep it patched up.

I would rather have an internal mail server that collects e-mails from a 
standard ISP mail server.  It is like the old "POP3 Connector" that came 
with Microsoft Exchange.  Sometimes, there is a mailbox per user on the 
ISP, and a corresponding one on the local server.  Other times, there is 
a single "catch all" or "multidrop" mailbox on the ISP.

Users can still access their internal mailboxes from outside through an 
OpenVPN connection.  The goal is that only VPN, and perhaps SSH, are 
accessible from the outside.  We do not need to arrange any special SMTP 
configuration with the ISP either.

This kind of mail server setup is rather different to the standard 
configuration. You do not normally need your own antivirus and spam 
filter, and you do not need to configure SSL certificates, MX or SPF DNS 
records. Most ISPs handle that correctly and economically.  Internal 
e-mail does not leave your LAN, and your internal SMTP server is just a 
relay for the external ISP SMTP server.

Furthermore, most guides do not explain how to set up an autoresponder 
("I am on holiday until xxx") so that users can enable theirs with the 
mouse. Editing configuration files over SSH is not really an option for 
normal users. This detail is important because it could be the only 
thing I need above standard e-mail. Further groupware features can be 
seen as nice but ultimately unnecessary luxury, and a basic shared 
calendar can be accomplished with a separate server like 
https://radicale.org/ and a calendar client like one built into 
Thunderbird. Hopefully, that is all I would need for a small business.

Can anyone point me to the kind of guide I need? Failing that, I would 
need information or examples about using fetchmail, getmail or similar 
software with Dovecot.  Good or bad experiences from you guys would also 
help.

Each of those tools has a detailed man page, but there are many options 
and ways with different advantages and disadvantages.  I would need a 
simpler guide to get started.

I am aware that there are pre-packaged mail server solutions that would 
perhaps bring an easy-to-use autoresponder, but I haven't seen one yet 
where you could tick a box like "this server is only internal and 
collects mail from the ISP server" during installation. Nor have I seen 
instructions about reconfiguring the mail server for my ISP mail scenario.

I am prepared to learn more and write my own Perl scripts and/or 
installation guide, but it would be stupid to waste time if something 
easy already exists.  After all, the setup I am describing (external ISP 
mail server + internal mail server) is not so weird.

Thanks in advance,
   rdiez