Project

General

Profile

Task #2257

Updated by Florian Effenberger over 3 years ago

This issue is about refactoring the main mail server.    Possible improvements include: 

 Base system: Dovecot (IMAP): 
 * Upgrade -Use the "passwd-file" driver for passdb and userdb to Debian 10 

 Dovecot (IMAP): avoid using PAM or the passwd(5)/shadow(5) database- 
 * -Replace the LDA with an LMTP server to receive mails from Postfix- 
 * Change mail storage format from maildir to mdbox, possibly compressed 

 Postfix (SMTP): 
 * Replace -Use virtual users- 
 * -Set @smtpd_sasl_type=dovecot@ (instead of @cyrus@)- 
 * Move amavis to a milter or an after-queue content filter 
 * -replace postgrey by rspamd a tighter postscreen(8)- 

 amavis 
 * consider setting Postfix' @notify_classes@ to empty 
 * switch to Milter 
 * -set @-o smtpd_proxy_options=speed_adjust@ as default- 
 * Guilhem proposed to use systemd 
 <pre> 
 Assuming you're using systemd as PID 1, a 
 quick and dirty fix would be to tell it to auto restart the service. 
 Rather than editing the unit file shipped by the package (which would be 
 overridden by the next amavis update), I'd go for an override 
 systemd.unit(5) file instead: 

     $ mkdir /etc/systemd/system/amavis.service.d 
     $ tee /etc/systemd/system/amavis.service.d/override.conf <<- EOF 
    	 [Service] 
    	 RestartSec=1min 
    	 Restart=always 
    	 #Restart=on-abnormal might be more appropriate, see 
    	 #systemd.service(5) for details 
     EOF 
     $ systemctl daemon-reload 
     $ systemctl restart amavis 

 You can see if the override systemd.unit(5) file is taken into account 
 with `sudo systemctl show amavis.service | grep ^Restart`. 
 </pre> 

 hostmaster alias 
 * consider switching to local mailbox only in case of too many notifications 

 domains 
 * switch to DNSSEC and TLSA records if feasible 

 antispam 
 * consider rspamd, incl. ARC signing

Back