OPNsense Forum
English Forums => General Discussion => Topic started by: logan23 on May 07, 2020, 10:06:34 am
-
Hi!
I'd like to set up my own mail server.
I just need to be able to send and receive emails for my personal use.
As a client, I use Thunderbird SMTP POP3 IMAP running on my Windows which is behind OPNsense.
In spite of the fact that I have some unix skills, I don't know much about mail servers.
I know that OPNsense wasn't designed to become a mail server and, of course, that it isn't its primary usage goal but, at the same time, I've noticed that postfix was available as a plugin, so, after all, it'd be very convenient to run my own mail server as well.
If I configure the postfix plugin, will it be enough?
If not, what else do I need to do?
Thanks!
-
Hi,
the plugin is designed to only act as a relay.
You'll have to host an internal server.
-
Wikipedia says Postfix is a mail transfer agen (MTA), what you call a relay from my quick understanding. Correct?
So it's not enough, what about adding "Dovecot" as a plugin to OPNSense?
If "Dovecot" would be available, then would it be enough to run a simple mail server?
https://www.freebsddiary.org/dovecot.php (https://www.freebsddiary.org/dovecot.php)
What about "iRedMail"? https://docs.iredmail.org/install.iredmail.on.freebsd.html (https://docs.iredmail.org/install.iredmail.on.freebsd.html)
Thanks
-
I don't think we will accept a mail server plugin in the foreseeable future.
Cheers,
Franco
-
Even if it is in the firewall DMZ? I mean there should be a way to isolate it from the firewall... without having to buy another computer to make a mail server run + all the additional tiresome routing configuration and maintenance that it will imply... please francisco? ;D
-
It runs locally, it doesn't matter if it's in DMZ or not.
People will ask for recovery/backup of mails, feature after feature, issues with upstream software involved, Microsoft compatibility issues....
My day job is a SMTP encryption gateway software. I can see this daily. This is not a mission we should be taking on.
Cheers,
Franco
-
It's a pity but I understand, no problem.
Maybe it can be clearly specified that no help/tech support will be provided for recovery/backup of mails, issues with upstream software involved, Microsoft compatibility issues.... A sort of plugin "as is" like many new others that would correspond to this category... You could offer 2 plugin categories :
1) the standard one, where people can ask for tech support.
2) the non-standard one, where people will clearly be informed that no tech support will be provided whatsoever.
This makes me think of linux distribution repos, officials ones and others.
By the way. I like Arch linux (Manjaro) and I'm wondering if it is better for security or not.
I haven't been following Unix for a while, but I've learnt it at the very beginning (UNIX System V Release 3.2 (1987) & Minix & Xinu!!
Thank you for your good work anyways.
-
... without having to buy another computer to make a mail server run + all the additional tiresome routing configuration and maintenance that it will imply.
If you want to run it on one PC set-up a visualised system (ESXi, hyper-v, proxmox, ...) and run both as VM: OPNsense and an all-in-one mail server package like mailcow, iRedMail or mail-in-a-box. Once set-up there is nothing to maintain.
-
Thanks but IMHO, a hypervisor is able to act as a keylogger, take screenshots, include a backdoor, especially closed code sources from commercial companies. I won't add any additional security risk.
"The use of hypervisor technology by malware and rootkits installing themselves as a hypervisor below the operating system, known as hyperjacking, can make them more difficult to detect because the malware could intercept any operations of the operating system (such as someone entering a password) without the anti-malware software necessarily detecting it (since the malware runs below the entire operating system). Implementation of the concept has allegedly occurred in the SubVirt laboratory rootkit (developed jointly by Microsoft and University of Michigan researchers) as well as in the Blue Pill malware package. However, such assertions have been disputed by others who claim that it would be possible to detect the presence of a hypervisor-based rootkit. In 2009, researchers from Microsoft and North Carolina State University demonstrated a hypervisor-layer anti-rootkit called Hooksafe that can provide generic protection against kernel-mode rootkits.
-
It's a pity but I understand, no problem.
Maybe it can be clearly specified that no help/tech support will be provided for recovery/backup of mails, issues with upstream software involved, Microsoft compatibility issues.... A sort of plugin "as is" like many new others that would correspond to this category... You could have offer 2 plugin categories :
1) the standard one, where people can ask for tech support.
2) the non-standard one, where people will clearly be informed that no tech support will be provided whatsoever.
This makes me think of linux distribution repos, officials ones and others.
By the way. I like Arch linux (Manjaro) and I'm wondering if it is better for security or not.
I haven't been following Unix for a while, but I've learnt it at the very beginning (UNIX System V Release 3.2 (1987) & Minix & Xinu!!
Thank you for your good work anyways.
What so you mean with tech support?
-
franco said people will ask for recovery/backup of mails, feature after feature, issues with upstream software involved, Microsoft compatibility issues....
I can understand he doesn't want to provide tech support for that...
-
He meant this related to Dovecot, since when someone add it the next one wishes a one-click backup etc.
-
I know! I perfectly understood what he meant! This is why I proposed 2 plugin categories, see above.