Email architecture

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Email architecture

Tom Marcoen
Hey all,

I was wondering if someone knows about a good tutorial or design document describing how to setup postfix, dovecot (or something else) and other tools to create a good and secure email architecture, i.e.

-  how to configure postfix in a DMZ to relay incoming emails to a dovecot (or similar) server.
- how to configure postifx in a secure network to receive emails from users and forward it to a DMZ server
- how to configure a postfix server in a DMZ for outbound SMTP traffic.

But also more in general, what are the best practices for designing an email environment for a serious business?

Best regards,
Tom
Reply | Threaded
Open this post in threaded view
|

Re: Email architecture

Jeff Abrahamson
On 17/07/18 13:20, Tom Marcoen wrote:
Hey all,

I was wondering if someone knows about a good tutorial or design document describing how to setup postfix, dovecot (or something else) and other tools to create a good and secure email architecture, i.e.

-  how to configure postfix in a DMZ to relay incoming emails to a dovecot (or similar) server.
- how to configure postifx in a secure network to receive emails from users and forward it to a DMZ server
- how to configure a postfix server in a DMZ for outbound SMTP traffic.

But also more in general, what are the best practices for designing an email environment for a serious business?

Hi, Tom.

Much depends on the size of your business.  What you do for a serious business of four people will be different than for 400 and again for 4K or 40K.

That said, when I set up my site (combined personal and small business), I made reasonably extensive notes with links to sources I'd read.  So, depending on what you already know and how big your installation is, there may be some help there.  (An error I made was not using saltstack from the outset, something I'm slowly fixing.)
https://github.com/JeffAbrahamson/hosts/tree/master/p27
Please do write up and share what you learn and do for your own site.
-- 

Jeff Abrahamson
+33 6 24 40 01 57
+44 7920 594 255

http://p27.eu/jeff/
Reply | Threaded
Open this post in threaded view
|

Re: Email architecture

Miles Fidelman
In reply to this post by Tom Marcoen
For what it's worth:

Every time I have to (re)install a mail system, I google the combination
of "postfix spamassassin amavis" and I find some good tutorials on step
by step setup.  I seem to recall that one of the best was from one of
the hosting providers.  (Can't forget the antispam and antivirus -
they're the things that turn out to be the trickiest to wire in.

Miles Fidelman


On 7/17/18 6:20 AM, Tom Marcoen wrote:

> Hey all,
>
> I was wondering if someone knows about a good tutorial or design
> document describing how to setup postfix, dovecot (or something else)
> and other tools to create a good and secure email architecture, i.e.
>
> -  how to configure postfix in a DMZ to relay incoming emails to a
> dovecot (or similar) server.
> - how to configure postifx in a secure network to receive emails from
> users and forward it to a DMZ server
> - how to configure a postfix server in a DMZ for outbound SMTP traffic.
>
> But also more in general, what are the best practices for designing an
> email environment for a serious business?
>
> Best regards,
> Tom

--
In theory, there is no difference between theory and practice.
In practice, there is.  .... Yogi Berra

Reply | Threaded
Open this post in threaded view
|

Re: Email architecture

Tom Marcoen
Hey Miles,

I agree, you can't forget about antispam and antivirus. I would run them on the relay hosts in the DMZ, not on the internal mail servers. Though that would be a tradeoff as well because then your internal emails between employees won't get scanned anymore.

On Tue, 17 Jul 2018 at 16:32, Miles Fidelman <[hidden email]> wrote:
For what it's worth:

Every time I have to (re)install a mail system, I google the combination
of "postfix spamassassin amavis" and I find some good tutorials on step
by step setup.  I seem to recall that one of the best was from one of
the hosting providers.  (Can't forget the antispam and antivirus -
they're the things that turn out to be the trickiest to wire in.

Miles Fidelman


On 7/17/18 6:20 AM, Tom Marcoen wrote:
> Hey all,
>
> I was wondering if someone knows about a good tutorial or design
> document describing how to setup postfix, dovecot (or something else)
> and other tools to create a good and secure email architecture, i.e.
>
> -  how to configure postfix in a DMZ to relay incoming emails to a
> dovecot (or similar) server.
> - how to configure postifx in a secure network to receive emails from
> users and forward it to a DMZ server
> - how to configure a postfix server in a DMZ for outbound SMTP traffic.
>
> But also more in general, what are the best practices for designing an
> email environment for a serious business?
>
> Best regards,
> Tom

--
In theory, there is no difference between theory and practice.
In practice, there is.  .... Yogi Berra