Hello!
I have to build a mail server for my company. I want to do it correctly and do everything to stay off the blacklists and my mail being marked as spam at the recipient side...
So far what I have in mind:
- new server(probably a ESX all-in-one box)
- Linux as OS(probably debian, since I'm used to it. Can go with CentOS if it's better or it has faster updates)
- postfix as MTA
- dovecot as POP/IMAP client
- MySQL user database
- might go with IRedMail bundle and set up all in one(SMTP, POP/IMAP, client AUTH, spamassassin, ClamAV,...)
As far as incoming spam prevention goes I plan to use:
- spamassassin(would you suggest using dspam instead?)
- ClamAV antivirus
- Checking of SPF records
- Greylisting
As far as preventing our mail to be marked as spam:
- all out users will have to auth before sending, so potential viruses or bots wont be able to send mail
- block access from local lan to external WAN on port 25(only possible to send via our mail server)
- add a SPF record for our domain
- add a DKIM record for out domain(is it worth it?)
- reverse DNS to our domain
- HELO with our domain
There will be 5-6 users on the system with lots of big incoming mail. We don't send that many mails out, somewhere around 50/day and no newsletters, so we shouldn't be tagged as spammers because of high mail count...
We have a 10/10 FTTH link with static IP from our ISP, but we don't have a personal whois entry for the IP. Is that going to be a problem, since some mail servers check whois record and if a different IP from the same subnet is blacklisted, it can blacklist us as well??
So, what do you think?
What would you change?
What am I forgetting?
What else could I do to make it more "spam proof"?
What do you think of greylisting? Does it bother you if your mail is not delivered right away?
Anyone using the IRedMail bundle? How much spam gets through? Are there many false positives?
Matej
I have to build a mail server for my company. I want to do it correctly and do everything to stay off the blacklists and my mail being marked as spam at the recipient side...
So far what I have in mind:
- new server(probably a ESX all-in-one box)
- Linux as OS(probably debian, since I'm used to it. Can go with CentOS if it's better or it has faster updates)
- postfix as MTA
- dovecot as POP/IMAP client
- MySQL user database
- might go with IRedMail bundle and set up all in one(SMTP, POP/IMAP, client AUTH, spamassassin, ClamAV,...)
As far as incoming spam prevention goes I plan to use:
- spamassassin(would you suggest using dspam instead?)
- ClamAV antivirus
- Checking of SPF records
- Greylisting
As far as preventing our mail to be marked as spam:
- all out users will have to auth before sending, so potential viruses or bots wont be able to send mail
- block access from local lan to external WAN on port 25(only possible to send via our mail server)
- add a SPF record for our domain
- add a DKIM record for out domain(is it worth it?)
- reverse DNS to our domain
- HELO with our domain
There will be 5-6 users on the system with lots of big incoming mail. We don't send that many mails out, somewhere around 50/day and no newsletters, so we shouldn't be tagged as spammers because of high mail count...
We have a 10/10 FTTH link with static IP from our ISP, but we don't have a personal whois entry for the IP. Is that going to be a problem, since some mail servers check whois record and if a different IP from the same subnet is blacklisted, it can blacklist us as well??
So, what do you think?
What would you change?
What am I forgetting?
What else could I do to make it more "spam proof"?
What do you think of greylisting? Does it bother you if your mail is not delivered right away?
Anyone using the IRedMail bundle? How much spam gets through? Are there many false positives?
Matej
Last edited: