Discussion:
[UPDATE 1] How to Easily Set Up a Full-Featured Linux Mail Server on Ubuntu 18.04.5 LTS with iRedMail 1.4.0
Turritopsis Dohrnii Teo En Ming
2021-04-27 13:47:42 UTC
Permalink
Subject: [UPDATE 1] How to Easily Set Up a Full-Featured Linux Mail
Server on Ubuntu 18.04.5 LTS with iRedMail 1.4.0

Good day from Singapore,

I followed linuxbabe.com's Xiao Guoan's guide and successfully setup a
full featured Linux mail server on Ubuntu 18.04.5 LTS with IRedMail
1.4.0.

Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 25 April 2021 Sunday

Type of Publication: PDF Manual
Document Version: 20210425.01 (1st release)

***IMPORTANT NOTICE*** Please note that Turritopsis Dohrnii Teo En
Ming’s guide is based on Xiao Guoan’s guide at linuxbabe.com.

Reference Guide Used by Teo En Ming: How to Easily Set Up a
Full-Featured Mail Server on Ubuntu 18.04 with iRedMail
Link: https://www.linuxbabe.com/mail-server/ubuntu-18-04-iredmail-email-server
Original Author: Xiao Guoan

The following is a list of open-source software that will be
automatically installed and configured by iRedMail.

• Postfix SMTP server
• Dovecot IMAP server
• Nginx web server to serve the admin panel and webmail
• OpenLDAP, MySQL/MariaDB, or PostgreSQL for storing user information
• Amavised-new for DKIM signing and verification
• SpamAssassin for anti-spam
• ClamAV for anti-virus
• Roundcube webmail
• SOGo groupware, providing webmail, calendar (CalDAV), contacts
(CardDAV), tasks and ActiveSync services.
• Fail2ban for protecting SSH
• mlmmj mailing list manager
• Netdata server monitoring
• iRedAPD Postfix policy server for greylisting

In addition, you need to add MX, A and TXT records to your ISC BIND
DNS domain name server.

Redundant Download Links for Teo En Ming's PDF Manual:

[1] https://drive.google.com/file/d/1un8sLLmNSMIt7V6blWCvJEgwGvxMbd4B/view?usp=sharing

[2] https://drive.google.com/file/d/1i0vY7kfYkobu563qoI3_qCZg7G7BFoYR/view?usp=sharing

[3] https://drive.google.com/file/d/1U9MFN1EklLbA8TMweLV5ntiSJuBBVkpQ/view?usp=sharing

[4] https://www.docdroid.net/dW70KtS/iredmail-setup-1st-release-pdf

[5] https://www.mediafire.com/file/evar7j28knqyoj6/IRedMail+Setup+1st+Release.pdf/file

[6] https://www.scribd.com/document/504932780/IRedMail-Setup-1st-Release

Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 27 April 2021,
is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant
with a System Integrator (SI)/computer firm in Singapore. He is an IT
enthusiast.







-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link:
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************

Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's
Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts
at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan
(5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listin
Kevin A. McGrail
2021-04-27 13:55:28 UTC
Permalink
Very nice.  This was also posted on Postfix's list but nice to hear
firsthand reports as I just read it.

Two minor notes to continue the project that you might consider:

#1 bind for a local caching DNS query server and change resolve.conf to
127.0.0.1 for the best RBL performance.

#2 add the KAM ruleset: https://mcgrail.com/template/projects#KAM1

Regards,

KAM
Post by Turritopsis Dohrnii Teo En Ming
Subject: [UPDATE 1] How to Easily Set Up a Full-Featured Linux Mail
Server on Ubuntu 18.04.5 LTS with iRedMail 1.4.0
Good day from Singapore,
I followed linuxbabe.com's Xiao Guoan's guide and successfully setup a
full featured Linux mail server on Ubuntu 18.04.5 LTS with IRedMail
1.4.0.
Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 25 April 2021 Sunday
Type of Publication: PDF Manual
Document Version: 20210425.01 (1st release)
***IMPORTANT NOTICE*** Please note that Turritopsis Dohrnii Teo En
Ming’s guide is based on Xiao Guoan’s guide at linuxbabe.com.
Reference Guide Used by Teo En Ming: How to Easily Set Up a
Full-Featured Mail Server on Ubuntu 18.04 with iRedMail
Link: https://www.linuxbabe.com/mail-server/ubuntu-18-04-iredmail-email-server
Original Author: Xiao Guoan
The following is a list of open-source software that will be
automatically installed and configured by iRedMail.
• Postfix SMTP server
• Dovecot IMAP server
• Nginx web server to serve the admin panel and webmail
• OpenLDAP, MySQL/MariaDB, or PostgreSQL for storing user information
• Amavised-new for DKIM signing and verification
• SpamAssassin for anti-spam
• ClamAV for anti-virus
• Roundcube webmail
• SOGo groupware, providing webmail, calendar (CalDAV), contacts
(CardDAV), tasks and ActiveSync services.
• Fail2ban for protecting SSH
• mlmmj mailing list manager
• Netdata server monitoring
• iRedAPD Postfix policy server for greylisting
In addition, you need to add MX, A and TXT records to your ISC BIND
DNS domain name server.
[1] https://drive.google.com/file/d/1un8sLLmNSMIt7V6blWCvJEgwGvxMbd4B/view?usp=sharing
[2] https://drive.google.com/file/d/1i0vY7kfYkobu563qoI3_qCZg7G7BFoYR/view?usp=sharing
[3] https://drive.google.com/file/d/1U9MFN1EklLbA8TMweLV5ntiSJuBBVkpQ/view?usp=sharing
[4] https://www.docdroid.net/dW70KtS/iredmail-setup-1st-release-pdf
[5] https://www.mediafire.com/file/evar7j28knqyoj6/IRedMail+Setup+1st+Release.pdf/file
[6] https://www.scribd.com/document/504932780/IRedMail-Setup-1st-Release
Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 27 April 2021,
is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant
with a System Integrator (SI)/computer firm in Singapore. He is an IT
enthusiast.
-----BEGIN EMAIL SIGNATURE-----
[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html
********************************************************************************************
Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's
Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts
at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan
[1] https://tdtemcerts.wordpress.com/
[2] https://tdtemcerts.blogspot.sg/
[3] https://www.scribd.com/user/270125049/Teo-En-Ming
-----END EMAIL SIGNATURE-----
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users
--
*Kevin A. McGrail*
/CEO Emeritus/
*Peregrine Computer Consultants Corporation*
+1.703.798.0171 ***@pccc.com
 https://pccc.com/ https://raptoremailsecurity.com

10311 Cascade Lane, Fairfax, Virginia 22032-2357 USA
Grant Taylor via bind-users
2021-04-27 16:14:06 UTC
Permalink
Post by Kevin A. McGrail
#1 bind for a local caching DNS query server
I absolutely agree.
Post by Kevin A. McGrail
and change resolve.conf to 127.0.0.1 for the best RBL performance.
How much effective performance difference does the loopback interface
(lo) vs the local LAN interface (eth0) make?

Similarly, how much effective performance difference does an on host
instance of BIND make vs across the LAN to another host in the same site
make?

I absolutely agree that a /local/ /to/ /the/ /network/ caching DNS
server is a boon for email. -- Definitely avoid simply relying on big
3rd party resolvers across the Internet.



Aside: The rest of my reply gets to ride along and would not have been
sufficient for a reply in and of itself because I believe it's off topic
for BIND-Users.
Post by Kevin A. McGrail
Very nice.
It's interesting. It's a recent take on one of many ways to host your
own email.
Post by Kevin A. McGrail
This was also posted on Postfix's list but nice to hear firsthand
reports as I just read it.
I saw this message splattered to a number of mailing lists, many of
which I think the message (content) was rather off topic for the list.
E.g. what does it have to do with the BIND DNS server installation,
configuration, and operation, other than the fact that email usually
relies heavily on DNS service (implementation independent).
Post by Kevin A. McGrail
#1 bind for a local caching DNS query server
(See above.)
Post by Kevin A. McGrail
#2 add the KAM ruleset: https://mcgrail.com/template/projects#KAM1
To each their own.

Email administration is a massive topic in and of itself, which is
probably better discussed elsewhere.

I appreciate the recent, as in not months ~> years old article
encouraging people to host their own email. Though I personally
disagree with it or would do things a fair bit differently.
--
Grant. . . .
unix || die
Kevin A. McGrail
2021-04-27 16:24:11 UTC
Permalink
Post by Grant Taylor via bind-users
Post by Kevin A. McGrail
and change resolve.conf to 127.0.0.1 for the best RBL performance.
How much effective performance difference does the loopback interface
(lo) vs the local LAN interface (eth0) make?
Similarly, how much effective performance difference does an on host
instance of BIND make vs across the LAN to another host in the same
site make?
I absolutely agree that a /local/ /to/ /the/ /network/ caching DNS
server is a boon for email.  --  Definitely avoid simply relying on
big 3rd party resolvers across the Internet.
Agreed on the OT and good subject change.

For me, I wouldn't bind DNS to the eth0, just another attack surface
hence I would use local loopback.

Having a DNS on the lan is good too but caching on any mail server is
good.  There are a lot of DNS queries for email and anti-spam.

But the key takeaway is don't use something like quad-8.

Regards,

KAM
--
*Kevin A. McGrail*
/CEO Emeritus/
*Peregrine Computer Consultants Corporation*
+1.703.798.0171 ***@pccc.com
 https://pccc.com/ https://raptoremailsecurity.com

10311 Cascade Lane, Fairfax, Virginia 22032-2357 USA
Grant Taylor via bind-users
2021-04-27 16:46:25 UTC
Permalink
Post by Kevin A. McGrail
Agreed on the OT and good subject change.
:-)
Post by Kevin A. McGrail
For me, I wouldn't bind DNS to the eth0, just another attack surface
hence I would use local loopback.
I think the main reason to bind to eth0 / LAN is for when there are
multiple (mail) servers that can benefit from a common instance of BIND.
As opposed to having a dedicated instance of BIND on lo per (mail) server.
Post by Kevin A. McGrail
Having a DNS on the lan is good too but caching on any mail server is
good.
Do you think that per (mail) server instances of BIND are worth the
additional administrative overhead as compared to more central shared
instances?

E.g. if you had 29 mail servers, would you run BIND on each of their
lo's? Or would you use a small number of central / shared / redundant
servers?
Post by Kevin A. McGrail
There are a lot of DNS queries for email and anti-spam.
Yep.
Post by Kevin A. McGrail
But the key takeaway is don't use something like quad-8.
}:-)
--
Grant. . . .
unix || die
Kevin A. McGrail
2021-04-27 17:01:39 UTC
Permalink
For me, I run one locally per data center with forwarders, etc. defined
but for a "How to spin up your own mail server", I would likely just
keep it to one per mail server.

For someone more advanced, DNS is lightweight and anti-spam is very
heavy.  So anything you can save on anti-spam processing will likely
save more resources.
Post by Grant Taylor via bind-users
E.g. if you had 29 mail servers, would you run BIND on each of their
lo's?  Or would you use a small number of central / shared / redundant
servers?
--
*Kevin A. McGrail*
/CEO Emeritus/
*Peregrine Computer Consultants Corporation*
+1.703.798.0171 ***@pccc.com
 https://pccc.com/ https://raptoremailsecurity.com

10311 Cascade Lane, Fairfax, Virginia 22032-2357 USA
Tony Finch
2021-04-27 17:41:46 UTC
Permalink
Do you think that per (mail) server instances of BIND are worth the additional
administrative overhead as compared to more central shared instances?
Yes, that's what I did when I was doing mail things. There are a few
reasons: reduce load on the shared central resolvers; reduce the latency
of anti-spam blocklist lookups; better fate-sharing between the SMTP and
DNS parts of the mail service.

There's not much overlap between the kinds of queries done by mail servers
and other DNS users, so there's limited benefit from sharing a single
cache. There probably is benefit from sharing a DNS cache between multiple
mail servers, but from my point of view it was easier to have one kind of
machine that does SMTP + DNS than two different flavours of machine. (The
admin effort is per flavour, not per server.)

Tony.
--
f.anthony.n.finch <***@dotat.at> https://dotat.at/
Cape Wrath to Rattray Head including Orkney: Northeast 3 to 5 backing
north 3 or 4. Slight or moderate. Showers. Good.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Loading...