I'm doing a migration from an old-proprietary-stupid mailserver to Postfix, Dovecot, Spamassassin and Clavam antivirus etc etc. Sometimes internet is full of informations, sometimes internet give me some tips and sometimes - apparentely - no one is having my problems.
On my wiki notes I wrote a guide - step by step - useful to configure, in a real working environment, a mail server with these features:
- Postfix & Dovecot as MTA/MDA with TLS/SASL and IMAP/POP3/SMTP
- Postfix manage RBL, Black List, DNSBL and header check
- Postgrey manage greylisting
- Spamassassin for filter spam
- Clamav as antivirus
- Sieve for filtering email messages
- Postfixadmin as web-based front end for Postfix (with a mysql database & nginx)
- Roundcube as web-based IMAP email client
SPF and firewall configuration are not treated. These notes contains also a working and valid solution to send encrypted mail to external mail server, like gmail/google, with trusted TLS certificate. Oh yes, Google view your email as encrypted & safe mail and you've a lock :):
postfix/smtp: Trusted TLS connection established to gmail-smtp-in.l.google.com[220.127.116.11]:25:TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) postfix/smtp: E55BDFFA63: to=<firstname.lastname@example.org>, relay=gmail-smtp-in.l.google.com[18.104.22.168]:25, delay=0.59, delays=0.06/0.02/0.28/0.23, dsn=2.0.0, status=sent (250 2.0.0 OK 1516632052 n107si12756789wrb.247 - gsmtp)
It'll be aways a "work in progress page"!