Looking for a guide to collect all e-mail from the ISP mail server

lists lists at lazygranch.com
Sun Oct 25 23:17:17 EET 2020 

You need SPF and DKIM for your outgoing email to be accepted. 

My idea of a secure email server is to use submission port 587. Expose port 25 to the world and aggressively filter all remaining email ports with a firewall. And I mean aggressive. Geographically filter so only countries where youe users reside can send and retrieve email. Block major hosting IP space. 

How many users will be on the system? If you can handle it, assign all the email passwords. This means you need to contact them out of band. I avoid cpanel or similar internet access to email settings. I use nothing but ssh to maintain my server. 











	  Original Message  	


From: rdiezmail-2006 at yahoo.de
Sent: October 25, 2020 10:57 AM
To: dovecot at dovecot.org
Subject: Looking for a guide to collect all e-mail from the ISP mail server


Hi all:

I am evaluating mail server solutions for a small business. The trouble is, I am only a part-time admin and a newbie to mail servers.

Most guides I have seen are rather unrealistic: they encourage you to expose your e-mail server to the Internet, and hope that you have the resources
to keep it patched up.

I would rather have an internal mail server that collects e-mails from a standard ISP mail server.  It is like the old "POP3 Connector" that came with
Microsoft Exchange.  Sometimes, there is a mailbox per user on the ISP, and a corresponding one on the local server.  Other times, there is a single
"catch all" or "multidrop" mailbox on the ISP.

Users can still access their internal mailboxes from outside through an OpenVPN connection.  The goal is that only VPN, and perhaps SSH, are
accessible from the outside.  We do not need to arrange any special SMTP configuration with the ISP either.

This kind of mail server setup is rather different to the standard configuration. You do not normally need you own antivirus and spam filter, and you
do not need to configure SSL certificates, MX or SPF DNS records. Most ISP handle that correctly and economically.  Internal e-mail does not leave
your LAN, and your internal SMTP server is just a relay for the external ISP SMTP server.

Furthermore, most guides do not explain how to setup an autoresponder ("I am on holiday until xxx") so that users can enable theirs with the mouse.
Editing configuration files over SSH is not really an option for normal users. This detail is important because it could be the only thing I need
above standard e-mail. Further groupware features can be seen as nice but ultimately unnecessary luxury, and a basic shared calendar can be
accomplished with a separate server like https://radicale.org/ and a calendar client like one built into Thunderbird. Hopefully, that is all I would
need for a small business.

Can anyone point me to the kind of guide I need? Failing that, I would need information or examples about using fetchmail, getmail or similar software
with Dovecot.  Good or bad experiences from you guys would also help.

Each of those tools has a detailed man page, but there are many options and ways with different advantages and disadvantages.  I would need a simpler
guide to get started.

I am aware that there are pre-packaged mail server solutions that would perhaps bring an easy-to-use autoresponder, but I haven't seen one yet that
where you could tick a box like "this server is only internal and collects mail from the ISP server" during installation. Nor have I seen instructions
about reconfiguring the mail server for my ISP mail scenario.

I am prepared to learn more and write my own Perl scripts and/or installation guide, but it would be stupid to waste time if something easy already
exists.  After all, the setup I am describing (external ISP mail server + internal mail server) is not so weird.

Thanks in advance,
   rdiez

More information about the dovecot mailing list