When launching a website or web application, the team typically sets up a mail server to handle incoming and outgoing mail. Yet running your own mail server is often a serious liability for a project, or even for a whole company, for a variety of reasons. In general, setting up and maintaining a mail server is a complex and time-consuming task.
I will try to describe the big blockers in this area.
Difficulties of mail servers
A typical mail server consists of many software components, each performing a specific function; there are usually several dozen of them, and each is configured differently. Because of this number of moving parts, mail servers can be quite difficult to install correctly.
You can, of course, download a ready-made bundle, or try to assemble pieces from different sources into one pile, but that usually only makes things worse.
Here are some points that almost every solo operator ignores. This area is broad, and describing everything is nearly impossible; it is also where most people give up.
- Encrypted backups.
- Enforcing TLS for both sending and receiving messages.
- Intrusion detection, including man-in-the-middle attempts and messages submitted from unusual locations.
- Reputation-based filtering of almost everything that passes through the server or servers.
The purpose of a spam filter is to reduce the amount of incoming spam or junk mail that ends up in users' mailboxes. To achieve this, a spam filter applies detection rules that take various factors into account (the sender, the content, and more) and assigns the message a score. If that score exceeds the so-called “spam level” (the threshold), the message is classified as spam.
In theory it is all simple; in practice it is a different story.
The filter constantly needs to be trained, its false positives have to be monitored, and so on. With a small volume of mail a statistical filter has too little to learn from and is practically useless. In addition, there are classes of spam that cannot be caught with public blocklists alone.
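To make the scoring idea concrete, here is an added example in Python; it is not code from the original post and not any real filter's rule set. The rule names, their weights, the 5.0 threshold, the allow-list and the three sample messages are all constructed assumptions. It also shows the problem the paragraph above warns about: a legitimate but badly formed message can cross the threshold on rules alone, so the operator needs an override and has to keep watching false positives.

```python
import email
import re
from email import policy

# Assumed rule names and weights (SpamAssassin-style), not from any real filter.
RULES = {
    "MISSING_MESSAGE_ID": 2.5,
    "SUBJECT_ALL_CAPS": 1.5,
    "MANY_LINKS": 2.0,
    "URGENT_MONEY_WORDS": 2.0,
    "FROM_REPLYTO_MISMATCH": 1.0,
    "AUTH_FAIL": 3.0,
}
SPAM_THRESHOLD = 5.0  # the assumed "spam level"
ALLOWLIST = {"accounts@example.org"}  # assumed site allow-list (false-positive override)

MONEY_WORDS = re.compile(r"\b(urgent|wire transfer|lottery|prize|claim now)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"]+", re.I)


def _domain(addr: str) -> str:
    """Lower-cased domain part of a From/Reply-To header value."""
    return addr.rsplit("@", 1)[-1].strip(" >").lower() if "@" in addr else ""


def score_message(raw: bytes) -> tuple[float, list[str]]:
    """Apply every rule to an RFC 5322 message; return (total score, names of rules that fired)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if not msg.get("Message-ID"):
        hits.append("MISSING_MESSAGE_ID")
    subject = str(msg.get("Subject", ""))
    letters = [c for c in subject if c.isalpha()]
    if len(letters) >= 8 and all(c.isupper() for c in letters):
        hits.append("SUBJECT_ALL_CAPS")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if len(URL_RE.findall(text)) >= 3:
        hits.append("MANY_LINKS")
    if MONEY_WORDS.search(subject + "\n" + text):
        hits.append("URGENT_MONEY_WORDS")
    reply_to = str(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != _domain(str(msg.get("From", ""))):
        hits.append("FROM_REPLYTO_MISMATCH")
    # Authentication-Results (RFC 8601) is stamped by the receiving MTA; a
    # hard spf/dkim/dmarc fail there is a strong signal on its own.
    auth = str(msg.get("Authentication-Results", ""))
    if re.search(r"\b(spf|dkim|dmarc)=fail\b", auth):
        hits.append("AUTH_FAIL")
    return sum(RULES[h] for h in hits), hits


def classify(raw: bytes) -> str:
    """'spam' if the score reaches the threshold, unless the sender is allow-listed."""
    score, _ = score_message(raw)
    sender = str(email.message_from_bytes(raw, policy=policy.default).get("From", "")).lower()
    if any(a in sender for a in ALLOWLIST):
        return "ham"  # operator override: allow-listed senders are never flagged
    return "spam" if score >= SPAM_THRESHOLD else "ham"


# Constructed sample messages (not real traffic).
SPAM_SAMPLE = b"""From: "Bank Security" <alerts@bank.example>
Reply-To: collect@evil.example
To: victim@example.com
Subject: URGENT ACTION REQUIRED ON YOUR ACCOUNT
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=evil.example
Content-Type: text/plain; charset=utf-8

Your account is locked. Claim now: http://a.example/1 http://b.example/2 http://c.example/3
"""

HAM_SAMPLE = b"""From: Alice <alice@example.org>
To: bob@example.com
Subject: Lunch tomorrow?
Message-ID: <20240101120000.1234@example.org>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org
Content-Type: text/plain; charset=utf-8

Are you free for lunch at noon? Menu: https://cafe.example/menu
"""

# A legitimate but badly formed notification: it scores above the threshold
# on rules alone, which is exactly the false positive the allow-list exists for.
FALSE_POSITIVE_SAMPLE = b"""From: accounts@example.org
To: bob@example.com
Subject: WIRE TRANSFER CONFIRMATION
Content-Type: text/plain; charset=utf-8

Your wire transfer of 1200 EUR has been received.
"""

if __name__ == "__main__":
    for name, raw in [("spam", SPAM_SAMPLE), ("ham", HAM_SAMPLE), ("fp", FALSE_POSITIVE_SAMPLE)]:
        print(name, score_message(raw), classify(raw))
```

The phishing sample fires every rule and scores 12.0; the lunch invitation scores 0; the internal notification scores 6.0 (missing Message-ID, all-caps subject, the words "wire transfer") and would be dropped without the allow-list. That last case is the daily reality of running a filter: the weights, the threshold and the overrides have to be tuned against your own traffic, and a handful of mailboxes does not produce enough of it to tune on.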
Antivirus scanners, unsurprisingly, are used to detect viruses, Trojans and other malware in incoming and outgoing mail. ClamAV is a popular open-source scanner but, unfortunately, its public signature database on its own is practically useless.
Mail server maintenance
Now that we have looked at the components that need to be installed and configured, consider the question: why can maintaining a mail server become so labor-intensive and time-consuming? There are the routine tasks (updating antivirus signatures and spam filter rules, keeping every component up to date, and so on), but there are many other points besides.
One common reason outbound mail suddenly stops being delivered is being placed on a DNS blocklist (a “blacklist”). This is very unpleasant, but it is essentially the ecosystem weeding out operators who did not think things through and let their server relay a pile of unwanted mail.
Although most people use email every day, few can troubleshoot this complex system. For example, what do you do when messages you sent were not accepted by the recipient? The cause may be a misconfiguration of one of the many components (a poorly tuned outbound spam filter, say), an external factor such as a blocklist, or simply how your server presents itself to the receiving side (its DNS records, sender authentication and TLS).
Searching the web for answers takes a lot of time and effort, and incompetence in any of these areas can seriously degrade the quality of the service. On top of that, many companies depend on email, so a mail problem has consequences well beyond the mail server itself.
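As an added illustration (not the author's tooling) of checking “how the server looks from the other side” before blaming the recipient, the Python below builds the reversed-IP name a DNSBL is queried with, interprets a DNSBL answer, and parses the sending domain's SPF and DMARC records into the verdicts a receiving MTA would draw from them. The resolver is injected as a callable so the code runs offline against a constructed DNS fixture; in production you would pass a real resolver (for example one built on dnspython). The domains, addresses and the FAKE_DNS fixture are assumptions; zen.spamhaus.org and its 127.0.0.2 listing code are real, but here they are only simulated.

```python
import ipaddress
from typing import Callable

# A resolver is any callable (name, rrtype) -> list of record strings. In
# production plug in a real one (e.g. dnspython); here a dict stands in.
Resolver = Callable[[str, str], list[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reversed-IP name a DNSBL expects (RFC 5782): 99.113.0.203.<zone> for 203.0.113.99."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        reversed_ip = ".".join(reversed(ip.split(".")))
    else:
        # IPv6 lists use every hex nibble of the expanded address, reversed
        reversed_ip = ".".join(reversed(addr.exploded.replace(":", "")))
    return f"{reversed_ip}.{zone}"


def is_listed(ip: str, zone: str, resolve: Resolver) -> bool:
    """A DNSBL answers a listed IP with an A record in 127.0.0.0/8 and NXDOMAIN otherwise."""
    answers = resolve(dnsbl_query_name(ip, zone), "A")
    return any(ipaddress.ip_address(a) in ipaddress.ip_network("127.0.0.0/8") for a in answers)


def spf_record(domain: str, resolve: Resolver) -> dict:
    """Fetch the SPF TXT record (RFC 7208) and split it into terms."""
    records = [t for t in resolve(domain, "TXT") if t.startswith("v=spf1")]
    if len(records) != 1:
        # no record, or more than one, is a permanent error at the receiver
        return {"valid": False, "count": len(records)}
    terms = records[0].split()[1:]
    # the 'all' mechanism decides the fate of senders not matched earlier
    all_term = next((t for t in reversed(terms) if t.lstrip("+-~?") == "all"), None)
    return {"valid": True, "terms": terms, "all": all_term}


def dmarc_record(domain: str, resolve: Resolver) -> dict:
    """Parse _dmarc.<domain> TXT into tags (RFC 7489); p=none only monitors, it enforces nothing."""
    records = [t for t in resolve(f"_dmarc.{domain}", "TXT") if t.startswith("v=DMARC1")]
    if not records:
        return {"valid": False}
    tags = dict(kv.strip().split("=", 1) for kv in records[0].split(";") if "=" in kv)
    return {"valid": True, "policy": tags.get("p"), "tags": tags}


def deliverability_report(domain: str, ip: str, resolve: Resolver,
                          zones: tuple[str, ...] = ("zen.spamhaus.org",)) -> list[str]:
    """List the things a receiving MTA is likely to hold against this sender."""
    problems = []
    spf = spf_record(domain, resolve)
    if not spf["valid"]:
        problems.append("spf-missing-or-duplicate")
    elif spf["all"] in (None, "all", "+all"):
        problems.append("spf-permissive-all")  # anyone may send as this domain
    dmarc = dmarc_record(domain, resolve)
    if not dmarc["valid"]:
        problems.append("dmarc-missing")
    elif dmarc["policy"] == "none":
        problems.append("dmarc-monitor-only")
    for zone in zones:
        if is_listed(ip, zone, resolve):
            problems.append(f"listed:{zone}")
    return problems


# Constructed DNS fixture (assumed data, not live lookups).
FAKE_DNS = {
    ("example.org", "TXT"): ["v=spf1 mx ip4:203.0.113.10 -all"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=reject; rua=mailto:dmarc@example.org"],
    ("sloppy.example", "TXT"): ["v=spf1 +all", "v=spf1 mx ~all"],  # two records: permerror
    ("_dmarc.sloppy.example", "TXT"): ["v=DMARC1; p=none"],
    ("99.113.0.203.zen.spamhaus.org", "A"): ["127.0.0.2"],  # 203.0.113.99 is listed
}


def fake_resolve(name: str, rrtype: str) -> list[str]:
    return FAKE_DNS.get((name, rrtype), [])  # an empty list plays the role of NXDOMAIN


if __name__ == "__main__":
    print(deliverability_report("example.org", "203.0.113.10", fake_resolve))
    print(deliverability_report("sloppy.example", "203.0.113.99", fake_resolve))
```

For the well-configured domain the report is empty; for the sloppy one it flags the duplicate SPF records (which receivers treat as a permanent error, not as “either one”), the monitoring-only DMARC policy and the blocklist listing. Running such a check from a cron job is the cheap version of the blacklist tracking the rest of this article describes.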
How did I do this?
It took me several years to study and implement all this. At the beginning of 2017, all the mail servers I supported were shut down and all mail was moved to a single cluster.
At the moment there are already more than 200 domains, most of them corporate.
Some interesting points:
- Each process runs in its own container.
- A purchased ClamAV signature database.
- Incremental backups every 3 hours and full backups every month, with asymmetric encryption.
- My own “application firewall” for SMTP, IMAP and web.
- Filtering of both incoming and outgoing mail using different algorithms and ratings.
- Automatic SPF, DKIM and DMARC.
- Online replication of all data to another data center in another country.
- An automatic rating system, separate from the spam filter, for all mail traffic.
- Blacklist tracking with automatic failover to other servers.
- And much more…
The system does not stand still; changes are made almost every month to improve performance.