SoftXS Email Server Setup and Configuration


Email Domains Controlled by SoftXS

The email server currently processes email for the following domains:

  1. softxs.ch - SoftXS

  2. salandra.net - Sandra Largo

  3. incawatt.com - Geraud Soubrier Active

SoftXS additionally owns/controls the following domains:

  1. works-organiser.ch - SoftXS

  2. works-organiser.com - SoftXS

  3. works-organizer.ch - SoftXS

  4. works-organizer.com - SoftXS

  5. incaplan.ch - Geraud Soubrier

  6. incaplan.com - Geraud Soubrier

  7. incawatt.ch - Geraud Soubrier

  8. jkaelin.ch - Joseph Kaelin

to do - list the companies and DNS configuration details for each domain name

Current Email Server Configuration (2014-10)

  1. The idun.softxs.ch email server is the ONLY server we have that can receive email

  2. We have no backup email servers!

Hardware and Operating System

  1. Name: idun.softxs.ch
  2. Located at AH apartment on a relatively slow incoming connection
  3. Hardware: IBM NetVista with 8 GB physical memory & 8 GB swap space

  4. 2 x 3 TB WD gmirrored disks
  5. OS: FreeBSD 9.1 (December 2012)
  6. Sendmail Version 8.14.5 (2011-05-17)

Services Provided by Email Server

  1. Incoming email reception including delivery to local mailboxes
  2. Outgoing email delivery
  3. IMAP access
  4. Storage (25GB) of email in folders for local users (alan, tibor, etc.)
    • 14G - alan
    • 6.5G - geraud
    • 108M - james
    • 269M - jjk
    • 3.1G - sandra
    • 575M - tibor
  5. TLS (security certificate)
  6. Spamassassin spam filtering

Specification for New Email Server

  1. Postfix based mail processing
  2. Must have the ability to configure automatic forwarding of emails to V2 project systems
  3. Email server in an Ubuntu-based VM, initially deployed on server in Cham data center
  4. At least one backup email server setup, not in the Cham data center
    1. [need to decide if backup server buffers or forwards to the primary server]
  5. All setup and configuration scripted using Puppet
    1. Including setup of forwarding to V2 specific systems
    2. Ideally only a single configuration entry will be needed for forwarding V2 project email. E.g.:
      1. All mail to {name}@{project}.works-organiser.ch is sent to V2 system {name}
      2. Each V2 system must have catch-all folder for filing emails with an unknown {name}
  6. Use virtual users for all local mail recipients (alan, tibor, sandra, geraud, etc)
  7. IMAPS access for email recipients

Implementation Plan

Phase I - Proof of Concept Mail Server

  1. Setup Ubuntu-based VM with Postfix and other required packages
    1. Initially setup works-organiser.com
    2. Setup port forwarding via the firewall
      1. This will require a major change to the current host system setup, which uses rinetd, etc.
  2. Setup MX records for works-organiser.com
  3. Configure Postfix to receive email for domain works-organiser.ch
    1. Setup TLS
    2. Setup spam filtering
    3. Setup IMAPS
  4. Configure Postfix to receive email for the domain works-organiser.ch
    1. Setup a test virtual user to receive all mail for the domain
    2. Test sending email
  5. Configure Postfix to receive email for sub-domains of works-organiser.ch
    1. Setup project based forwarding for sub-domain mail
      1. Call a simple script
      2. Call a V2 script - Verify that email
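
The forwarding rule from the specification ({name}@{project}.works-organiser.ch, with a catch-all for unknown names) could be resolved by the script that Postfix calls along the following lines. This is an added example, not SoftXS code: it assumes that {project} identifies the V2 system and {name} a folder on it, and the PROJECTS registry and the v2-deliver path are hypothetical.

```python
import re

BASE = "works-organiser.ch"
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label
LOCAL = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")             # conservative local part
CATCH_ALL = "catch-all"

# Hypothetical registry: project label -> folder names known to that V2 system.
PROJECTS = {"demo": {"rfi", "drawings"}}


def route(rcpt):
    """Return (project, folder) for a recipient address, or None to reject it."""
    rcpt = rcpt.strip().lower()
    if rcpt.count("@") != 1:
        return None
    name, domain = rcpt.split("@")
    # Require exactly one label in front of the base domain.
    if not domain.endswith("." + BASE):
        return None
    project = domain[: -len(BASE) - 1]
    if not LABEL.fullmatch(project) or project not in PROJECTS:
        return None
    # Unknown or malformed names are filed in the catch-all folder; the
    # sender-supplied string is never used as a folder name or path.
    if not LOCAL.fullmatch(name) or name not in PROJECTS[project]:
        return project, CATCH_ALL
    return project, name


def delivery_argv(rcpt):
    """Argument vector for the delivery script (hypothetical path), no shell."""
    target = route(rcpt)
    if target is None:
        return None
    project, folder = target
    return ["/usr/local/bin/v2-deliver", "--project", project, "--folder", folder]


if __name__ == "__main__":
    for sample in ("RFI@demo.works-organiser.ch",          # constructed samples
                   "nobody@demo.works-organiser.ch",
                   "../../etc/passwd@demo.works-organiser.ch",
                   "rfi@demo.works-organiser.ch.example.org"):
        print(sample, "->", delivery_argv(sample))
```

Because both values come from an address chosen by the sender, only registry keys and the fixed catch-all name ever reach the argument vector.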

Phase II - Implement Production Server

  1. Re-script the deployment to a VM on the zg-3 server

Phase III - Migrate Local Users

  1. Migrate sandra@salandra.net

  2. Migrate geraud@incawatt.com

  3. Migrate all softxs.ch email users

Phase IV - Setup Backup Email Server

  1. Decide where to host the backup server
  2. Decide whether to buffer or forward email
  3. Re-script deployment of server

Current state (as of 2017-03-14)

  1. The main SMTP server for softxs.ch is on idun (FreeBSD 9.1) with sendmail. It is configured manually.
  2. The deployment to the VM smtp1 on zg-3 is done (Ubuntu 12.04.5 LTS) with postfix. Configuration is handled by puppet. All VMs on zg-3 are using this mail server as relay host.
  3. The zg-1 server is still an old FreeBSD 8.0 with sendmail and simple manual configuration. It is set with SMART_HOST mbox.softxs.ch (=smtp.softxs.ch)

Problems

  1. Postfix on VM smtp1 cannot tell whether an SMTP connection comes from our servers or from outside, because all external SMTP connections (those not from VMs on zg-3) are forwarded through rinetd on zg-3, which makes every source address appear as the IP address of zg-3. Therefore relaying cannot be enabled generally.
  2. There are some email domains which cannot be reached from idun, because the IP address is blacklisted by their providers via the BarracudaCentral spam blacklist. This was corrected on 2017.03.14, and the configuration for the workaround shown below was disabled on 2017.03.20.

    To work around this problem, the critical domains are currently added manually to the Postfix configuration on smtp1 as:

    relay_domains = opb.de obermeyer-ae.com

    And on zg-1 in /etc/mail/zg-1.softxs.ch.mc as:

    FEATURE(`mailertable')

    and in /etc/mail/mailertable as:

    opb.de smtp:smtp1.softxs.ch
    obermeyer-ae.com smtp:smtp1.softxs.ch

    Note: after configuration changes, run "service postfix restart" on smtp1 and "make all; make install; make restart" on zg-1.
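
The effect of problem 1 on relay decisions, and why the workaround keys on destination (relay_domains) instead of source address, can be seen in a small model. This is an added example, not part of the SoftXS configuration: it simplifies Postfix's permit_mynetworks and reject_unauth_destination checks, and all IP addresses and the VM network range are constructed.

```python
import ipaddress

# Constructed addresses (documentation ranges); the real ones are not on the page.
ZG3_HOST = "192.0.2.10"     # zg-3 public address, where rinetd listens (assumed)
VM_NET = "172.16.1.0/24"    # internal VM network (assumed from 172.16.1.5)
LOCAL_DOMAINS = {"softxs.ch"}


def seen_source(real_ip, via_rinetd):
    """rinetd is a plain TCP forwarder, so Postfix sees the forwarder's address."""
    return ZG3_HOST if via_rinetd else real_ip


def relay_decision(client_ip, rcpt_domain, mynetworks, relay_domains):
    """Simplified model of permit_mynetworks, then reject_unauth_destination."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in ipaddress.ip_network(net) for net in mynetworks):
        return "permit (mynetworks)"
    if rcpt_domain in LOCAL_DOMAINS or rcpt_domain in relay_domains:
        return "permit (destination)"
    return "reject (relay access denied)"


def scenarios():
    stranger = seen_source("203.0.113.77", via_rinetd=True)  # unknown outside host
    zg1 = seen_source("198.51.100.20", via_rinetd=True)      # our zg-1 (constructed IP)
    vm = seen_source("172.16.1.23", via_rinetd=False)        # VM on zg-3, direct
    weak = [VM_NET, ZG3_HOST + "/32"]    # trusts the rinetd address: open relay
    strict = [VM_NET]                    # trusts only directly connected VMs
    listed = {"opb.de", "obermeyer-ae.com"}  # relay_domains from the page
    return {
        "zg1 and stranger look identical": stranger == zg1,
        "weak, stranger -> example.org": relay_decision(stranger, "example.org", weak, listed),
        "strict, stranger -> example.org": relay_decision(stranger, "example.org", strict, listed),
        "strict, zg1 -> example.org": relay_decision(zg1, "example.org", strict, listed),
        "strict, zg1 -> opb.de": relay_decision(zg1, "opb.de", strict, listed),
        "strict, stranger -> opb.de": relay_decision(stranger, "opb.de", strict, listed),
        "strict, vm -> example.org": relay_decision(vm, "example.org", strict, listed),
    }


if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case}: {result}")
```

The two opb.de cases show the trade-off of the workaround: since the source address carries no information behind rinetd, the listed domains are relayed for any client, not only for zg-1.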

Configuration in transition state implemented at 2017-04-05

  1. New SMTP server as a VM on zg-2, namely smtp2. This server is responsible for all outgoing emails and later for incoming emails for our domains.
    • Configured using the puppet module postfix_server_primary.
      Note: mydestination in main.cf has to contain all of our domains whose mailboxes are to be handled on smtp2.

  2. New SMTP server on the zg-2 base machine. This server is a relay server for all VMs on zg-1, zg-2 and zg-3 and later for the outside world, but only for our domains.
    • Configured using the puppet module postfix_satellite with relaying options set.
      Notes:

      • No rinetd is running on zg-2, so all SMTP connection requests to smtp2.softxs.ch are handled by zg-2
      • Relayhost is given as the internal IP address 172.16.1.5, because smtp2.softxs.ch would point to zg-2.softxs.ch, causing a self-reference

Mail Routing Examples

  1. Mail from zg2t1.softxs.ch to nagyt@hu.inter.net

    • zg2t1.softxs.ch (relayhost = smtp2.softxs.ch) --> zg-2.softxs.ch (relayhost = 172.16.1.5) --> smtp2.softxs.ch (relaying to hu.inter.net)

  2. Mail from zg2t1.softxs.ch to tibor@softxs.ch

    • zg2t1.softxs.ch (relayhost = smtp2.softxs.ch) --> zg-2.softxs.ch (relayhost = 172.16.1.5) --> smtp2.softxs.ch (will be saved later in mailbox)

List of Hosting Providers for Backup Email Server

Goal is to try another local ISP to reduce our dependency on datawire.ch

  1. hosteurope.ch, located in D4 Technopark (near Luzern)
    1. Dedicated VM-based servers: 15-20 CHF/month
    2. Larger servers (48-128 GB): 60-170 CHF/month
    [list to be extended]

EmailConfiguration (last edited 2017-04-05 12:19:55 by TiborNagy)

Copyright 2008-2014, SoftXS GmbH, Switzerland