[PLUG] Webmail server suggestions

Michael Robinson plug_0 at robinson-west.com
Thu May 6 13:54:01 UTC 2004


chris wrote:

>since it hasn't been mentioned, courier has an all in one package that 
>includes pop3, imap, smtp and a webmail interface.
>
>http://www.courier-mta.org
>
>chris
>
>On Wednesday 05 May 2004 08:40 pm, Geoff Freeman wrote:
>  
>
>>My gf and I just bought our first domain name, and we want to run our own
>>email server.  Hopefully one with a webmail interface.
>>
>>can anyone suggest some good programs for me to run?
>>
>>    
>>
I've tried to do HORDE IMP a couple of times but had major difficulties
with it.  A number of people prefer squirrelmail.  My advice is to set
up webmail last.  You want to do postfix/qmail, spamassassin, DNS, and
possibly mailscanner with ClamAV first.  I've tried qmail, Postfix seems
easier, Sendmail is a headache and insecure, don't know about Exim.

Note the only thing I don't like about using dns ignorant under Postfix
and Mailscanner is that information about what I get is being sent to
some unknown outside source.  For virus filtering, going out to an
external source and getting fresh virus info is a good idea.  If this
happens with the email itself, be aware that someone outside your system
is probably getting to read it too.

Probably a good idea to chroot apache and custom compile for webmail so
if you have trouble, you don't lose all your work setting up the mail
server itself.

I'm getting ready to start a project that takes a completely different
approach to spam.  Yes you can filter it, but if you filter solely, you
still get a lot of junk and could miss a virus, etc.

     It recognizes a few key ideas:

          1)  Spam creates excess heat and ruins hard disks that host
              mail spools.

          2)  The more complex your filtering is, the easier it is to
              filter the wrong thing.

          3)  Most people can build a list of who they contact and are
              contacted by through an email address, this can be used
              to reduce the namespace that needs to be filtered for
              some accounts.

          4)  Untrusted mail needs to be handled off site or thrown away.

I'm planning on mailservers on my gateways that spool in ram and dump to
Sandisks in emergencies to address issue 1.  These mail servers are going to
be developed to selectively relay to my existing MTA.  

Issue 2 will be eased by allowing email from unknown senders to be held
until the source is trusted or a period of 24 hours passes.  I'm
thinking, have a website internally for the intended recipient to
indicate that a sender is okay, if they want.  If a person had been
asked about a sender and doesn't trust that sender, the message can
simply be sent to a dirty site right away.

Concerning point 3, the advantage of this is that space on the relay
isn't being lost to junk mail intended for a protected account.  This
approach is really good if a user knows his/her audience and/or can get
people to switch the email address that they send to.  So as long as the
sender understands that they have to use the trusted source address
having an adequate procedure to follow if their email address has to
change, this shouldn't be a problem.
  
Point 3 is an idea that I want to implement on an email address by email
address basis.  Not implementing 3 will mean following the policy for
point 2 concerning messages from untrusted sources.  Implementing three
without 2 means not using email to get new email sources, but it also
means if you don't accept outside postmaster and admin mail that you don't
need a dirty mail site.

If I implement point 4 fully, I probably need two new servers.  One machine
would be a Linux iptables or BSD based machine implementing a one way
door for the smtp and smtps protocols.  The other machine gets to be a
second mailsite with locally installed MUAs on it as well.  This "dirty"
site can't touch the trusted network.

I recommend that all postmaster and admin email from outside your network
be routed to a dirty mail site.

If the dirty mail site gets infected, something important might get
lost.  Can anyone comment on using user mode linux, or any other
possible tricks, to address this issue?

For Point 3 to work, you need a special list for unresolvable trusted
hosts.  I also recommend throwing away or sending to a dirty site any
forged email where the source domain is not either on an unresolvable
but trusted list, or dns server somewhere.  The best test would be a
bounce check.  If you can't bounce a message, why accept the sender or
even place the message on a dirty site?  I am against smtp
authentication, apparently no one needs to know the secret to thwart it
since they can just copy the secret and voila, they've gotten around
your security filter.  It may be that a secret sent out by phone or
other means is the way for a sender to mark their message as being from
them.  Encryption seems to be more useful for protecting against
snooping though than unwanted senders.  Anyone can hack on encrypted
email for as long as they want.  Statistically, someone has to be
interested considering the sheer volume of email.

The biggest problem today is invasion of privacy because spam houses and
spam gangs think no one is in control of their own email boxes and
because some people answer unsolicited and invasive email.  The big
thing is how you determine accurately that an email came from someone,
or something, that/or whom you want to correspond with.  Accomplish the
latter, the race to filter content on your end will be eased
considerably.  The other big thing is to not miss anything that could be
a virus or malicious code, I guess this means figuring out if an email
is just a plain text message that isn't a program and for convenience
sake figuring out which mime messages are safe too.

I've tried iptables based blocking of ips.  I recommend against this
because of virtual hosting of multiple sites on the same ip and you
probably want to at least allow dns from anywhere.  Besides, if a friend
gets a virus he/she may get blocked.

You might want to run spamassassin on a relay and relay marked mail to a
dirty site.  The only thing is, I don't know how to detect trustworthy html
email and/or email that is anything but clear text.

Email is a service that you may want to go through your ISP for from the
standpoint that he gets infected and you don't.  Unfortunately, I don't know
if there are any ISPs out there that guarantee you won't get viruses from
them, etc.  I wonder if anyone can guarantee this?

Hope this helps ;-)

     Michael C. Robinson
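
The routing policy described in points 2 to 4 of the message above, written out as a decision function. This is an added example, not part of the original post and not the author's code. The names Account, Route and route, the example.org addresses, and the choice to treat a hold that expires after 24 hours as untrusted mail are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum

HOLD_PERIOD = timedelta(hours=24)          # hold window named in the post
ROLE_LOCALPARTS = {"postmaster", "admin"}  # outside mail to these goes to the dirty site

class Route(Enum):
    DELIVER = "relay to the trusted MTA"
    HOLD = "keep in the relay spool"
    DIRTY = "relay to the dirty site"
    DISCARD = "throw away"

@dataclass
class Account:
    address: str
    trusted: set = field(default_factory=set)   # senders the recipient approved
    rejected: set = field(default_factory=set)  # senders the recipient refused
    hold_unknown: bool = True                   # False = point 3 without point 2

def route(acct, sender, received, now, local_domains, dirty_site=True):
    """Decide what the gateway relay does with one message."""
    sender = sender.lower()
    sender_domain = sender.rpartition("@")[2]
    rcpt_local = acct.address.partition("@")[0].lower()
    # Point 4: untrusted mail is handled off site or thrown away.
    untrusted = Route.DIRTY if dirty_site else Route.DISCARD
    # Outside mail for role addresses never reaches the trusted network.
    if rcpt_local in ROLE_LOCALPARTS and sender_domain not in local_domains:
        return untrusted
    if sender in acct.rejected:      # recipient was asked and said no
        return untrusted
    if sender in acct.trusted:
        return Route.DELIVER
    if not acct.hold_unknown:        # contact list only: nothing is held
        return untrusted
    if now - received < HOLD_PERIOD:
        return Route.HOLD            # wait for the recipient's decision
    return untrusted                 # assumption: an expired hold counts as untrusted

if __name__ == "__main__":
    # Constructed sample data, not taken from the post.
    t0 = datetime(2004, 5, 6, 12, 0)
    user = Account("user@example.org", trusted={"friend@example.net"})
    for who, age in [("friend@example.net", 0), ("new@example.com", 1), ("new@example.com", 25)]:
        r = route(user, who, t0, t0 + timedelta(hours=age), {"example.org"})
        print(f"{who:20} after {age:2}h -> {r.name}")
```
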




