On Wed, 07 Jul 2021 10:04:06 -0700 techlists@phpcoderusa.com wrote:
Hi,
Please recommend a Dovecot book for a newbie... I have a fair amount of Linux PHP hosting experience - LAMP virtual host configurations. I'm new to BIND, Postfix, and Dovecot.
I'm running Ubuntu 20.04lts.
I have a test server almost working. Can send but not receive. Would like to understand more. I'm guessing it is a Zone (MX) / SSL / Client configuration issue.
Thanks in advance!!
I used this person's blog when I set up my servers. Unfortunately he only has guides for centos and freebsd but it is worth checking out. I think the odds of me setting up an email server from just the manuals would be zero, keyword me. But ubuntu verses centos should just be a packaging issue.
https://blog.andreev.it/?p=1975
I recall it being correct put not complete regarding postfix. I don't recall any Dovecot issue. It is 99% there. What I like is the guide provides a test at each step.
I advise you to start out small and add features later or never. After being hacked via RoundCube when I used a hosting service I am a firm believer in keeping the attack surface small. If this is a personal server (as is mine) I wouldn't even bother with spamassasin. You can stop much spam simply via Postfix. What this guide lacks is a number of milters for postfix required for DKIM and DMARC. Also I would set up the server using "submission" (port 587) since that allows for geofencing all the email ports other than 25, again presuming this is a personal server where geofencing would be appropriate.
There are a number of websites that can test your email server. For instance you wouldn't want to mistakenly be an open relay. They will also help with verifying all the identification features are proper. The deal with an email server is you need to look legit because the world is out to block you. In fact there are some ISPs that will simply reject your email until you contact them to get "allow listed". Some like Spectrum will never accept email from some VPS. [Sheer incompetence.]
Lastly my personal philosophy is to make no element of the email server programmable via a browser. I do everything via ssh and cli. This makes life hard for the hackers.