Building a proper mail server (and not get our mail tagged as spam)

levak

Hello!

I have to build a mail server for my company. I want to do it correctly and do everything to stay off the blacklists and my mail being marked as spam at the recipient side...

So far what I have in mind:
- new server (probably an ESX all-in-one box)
- Linux as OS (probably Debian, since I'm used to it. Can go with CentOS if it's better or it has faster updates)
- postfix as MTA
- dovecot as POP/IMAP client
- MySQL user database
- might go with IRedMail bundle and set up all in one(SMTP, POP/IMAP, client AUTH, spamassassin, ClamAV,...)

As far as incoming spam prevention goes I plan to use:
- spamassassin(would you suggest using dspam instead?)
- ClamAV antivirus
- Checking of SPF records
- Greylisting

As far as preventing our mail to be marked as spam:
- all our users will have to auth before sending, so potential viruses or bots won't be able to send mail
- block access from local lan to external WAN on port 25(only possible to send via our mail server)
- add a SPF record for our domain
- add a DKIM record for our domain (is it worth it?)
- reverse DNS to our domain
- HELO with our domain

There will be 5-6 users on the system with lots of big incoming mail. We don't send that many mails out, somewhere around 50/day and no newsletters, so we shouldn't be tagged as spammers because of high mail count...

We have a 10/10 FTTH link with static IP from our ISP, but we don't have a personal whois entry for the IP. Is that going to be a problem, since some mail servers check whois record and if a different IP from the same subnet is blacklisted, it can blacklist us as well??

So, what do you think?
What would you change?
What am I forgetting?
What else could I do to make it more "spam proof"?
What do you think of greylisting? Does it bother you if your mail is not delivered right away?
Anyone using the IRedMail bundle? How much spam gets through? Are there many false positives?

Matej
 
People seem to miss out a few other little things, one is the helo reply, it needs to be the same as the external DNS name of your mail server also the rDNS needs to be correct as well.

Sometimes a smarthost may be the best way to get around the Spam issues.

As fart as preventing our mail to be marked as spam:

made me laugh
 
LOL, laughing at that 'fart' typo for the last minute:)

Yea, I forgot to mention the HELO reply and rDNS will also be taken care of and will be the same as both...

I'm also considering using smart host, but I have to check with my ISP if I can do that or if they allow.

Matej
 
I use a smart host at home with my Exchange 2010 server on Time Warner. You just have to set up an SPF record in the domain's DNS that says email from the smart host is valid for that domain. You can set it up on different ports, and using SSL, so it can get past any ISP restrictions. I'm using the DynDNS service at home, since it's very cheap for low volume.
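
The checks raised in the posts above (HELO name equal to the server's external DNS name, matching rDNS, and an SPF record that authorizes the smart host), as an added example that is not from any poster in this thread. The zone data, host names and function names are constructed for illustration, and only the `ip4`, `ip6`, `include` and `all` SPF mechanisms are modelled.

```python
import ipaddress

# Constructed zone data (documentation IP ranges, example names); not real DNS.
DNS = {
    "A":   {"mail.example.com": ["203.0.113.10"],
            "relay.smarthost.example": ["198.51.100.25"]},
    "PTR": {"203.0.113.10": "mail.example.com",
            "198.51.100.25": "relay.smarthost.example"},
    "TXT": {"example.com":
                "v=spf1 ip4:203.0.113.10 include:_spf.smarthost.example -all",
            "_spf.smarthost.example": "v=spf1 ip4:198.51.100.0/24 -all"},
}

def fcrdns_ok(ip, helo):
    """HELO must equal the PTR name, and that name must resolve back to ip."""
    ptr = DNS["PTR"].get(ip)
    helo = helo.lower().rstrip(".")
    return ptr is not None and ptr == helo and ip in DNS["A"].get(ptr, [])

def spf_check(domain, ip, depth=0):
    """Return pass, fail, softfail, neutral or none for ip sending as domain."""
    record = DNS["TXT"].get(domain, "")
    if not record.startswith("v=spf1") or depth > 10:  # guard against include loops
        return "none"
    addr = ipaddress.ip_address(ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(value, strict=False)
        elif name == "include":
            # include matches only when the included domain's record passes
            matched = spf_check(value, ip, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            continue  # a, mx, exists, redirect and macros are not modelled here
        if matched:
            return results[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"

if __name__ == "__main__":
    for ip, helo in [("203.0.113.10", "mail.example.com"),
                     ("198.51.100.25", "relay.smarthost.example"),
                     ("192.0.2.1", "mail.example.com")]:
        print(ip, "fcrdns:", fcrdns_ok(ip, helo), "spf:", spf_check("example.com", ip))
```
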
 
Yea, I'm also considering smart host from my ISP. I just have to check his reputation on black lists:)

Matej
 
Use a Smart Host. Better yet use a smart host that's an email filtering service.
 
We use AppRiver for all inbound spam filtering as well as outbound filtering / smarthosting. It's relatively cheap, and would help prevent any blacklisting issues.
 
Honestly? I've run mail servers on and off for several years, and I say let someone else handle it. The most efficient set up I've ever run was an exchange mail server with A/V, with both inbound and outbound mail service.

It's more efficient to let another company handle spam and security threats via email than it is to dedicate a significant chunk of my time to it.
 
Yea, we were thinking about that but providers with 100GB/mailbox are expensive. Yea I know, giant mailbox and we shouldn't use email for large attachments but that is how they/we are used to work and I don't want to change that, it's not my job:)

Anyway, I will start with antivirus and RBL lists and no spamassassin for the time being to see how it goes. Currently, we have very little spam coming in (maybe a few a week) and if we keep it that way, there is no need to use spamassassin at the moment. I will start simple and upgrade from there.

Matej
 
Honestly? I've run mail servers on and off for several years, and I say let someone else handle it. The most efficient set up I've ever run was an exchange mail server with A/V, with both inbound and outbound mail service.

It's more efficient to let another company handle spam and security threats via email than it is to dedicate a significant chunk of my time to it.

I agree. Smarthosts are much easier to work with than setting it up yourself.
 
+ a million for smart hosts outbound and inbound spam filtering hosted somewhere else. Something like SpamHero at $10/month/domain for unlimited email addresses and 100,000 inbound emails is a good basic place to start. With services like this (and many others) so cheap, I can't imagine why anyone would want the nightmare of setting up their own filters. I did that once, never again. Nice thing about offsite filtering is that you just lock down incoming port 25 requests to only the filtering company's servers. No worries about accidentally setting up a relay and all that junk either.

Even with only 5-6 users, you could move up to a much more fully featured filter that handles both outbound and inbound for probably $50/month. Messagelabs or something like that.
 