Topic: Best Email Server Administration Practices?

[Jothand]

Hi all,
I'm looking for some advice on administering an SME email server. I am setting one up for a small office. I know how to set up users and configure the DNS but I'm wondering what should be done next? Do I add their domain to any global whitelists? How do I insure that they don't end up on a spam list somewhere? Whats the best way to secure the SME email server? Should I set up a back up email server in case this one goes down? If so, can someone point me to a good howto on the subject? I would like to prevent as many problems as possible. Any advice would be greatly appreciated.

[raem]

Jothand

Just do it, sme caters for all you want.

> Do I add their domain to any global whitelists?

You would add external senders to your whitelists if required.


> How do I insure that they don't end up on a spam list somewhere?

Referring to your users on your system, don't let them send spam or get virus infections that send a lot of spam.


> Whats the best way to secure the SME email server?

It's already secure by default, but don't use POP on external connections, use POPS or secure webmail (both available by default).


> Should I set up a back up email server in case this one goes down?

No, (unless you have a very high volume of email).
Email will be held in external queues and forwarded when your server is back up.
Also do not have/create a backup mail MX record, as this will only allow more spam into your system as antispam measures in sme are circumvented when you use a second backup MX record.


> If so, can someone point me to a good howto on the subject?

I think you need to read all the manuals too & this is not a RTFM suggestion, it clearly sounds like you have not read the manuals at all, as all setup is explained there.
http://wiki.contribs.org/SME_Server:Documentation

[haymann]

Email will be held in external queues and forwarded when your server is back up.

I have seen this posted on this forum many times, but I am wondering if it depends on the server the sender is using? For example, I have some att.net accounts set to forward to my email address that is on my personal SME Server, and if my server is down I don't get any messages that were forwarded during that time. Also I have most of my utility companies email me with statements and payment reminders. I have had one of them contact me to let me know that my email address was invalid because they tried to email me when my server was down. The server was only down for a few hours.

Now I know my SME Server will try for days to send as one time I fat-fingered my SMTP info and didn't get the bounce messages until about 9 days later. I guess my poor server had been trying all that time to authenticate to my ISPs SMTP server using the wrong password...
Ryan

[CharlieBrady]

Email will be held in external queues and forwarded when your server is back up.

I have seen this posted on this forum many times, but I am wondering if it depends on the server the sender is using?

It does. If that server correctly implements the SMTP protocol, then mail will be retried at intervals. If it doesn't, then nobody should be using it.

[raem]

haymann

> ... I have some att.net accounts set to forward to my email address that is on my personal SME Server....

I assume (on your sme server) you are using smtp & have a domain.
You would be better off advising your utility companies etc to send directly to user@yourdomain rather than via the att.net account.
Mail will be (should be) queued on the utility companies server.

When your server comes back up (after a few hours) then the mail will be delivered on the next retry attempt.

[haymann]

haymann

> ... I have some att.net accounts set to forward to my email address that is on my personal SME Server....

I assume (on your sme server) you are using smtp & have a domain.
You would be better off advising your utility companies etc to send directly to user@yourdomain rather than via the att.net account.
Mail will be (should be) queued on the utility companies server.

When your server comes back up (after a few hours) then the mail will be delivered on the next retry attempt.

Sorry to be a little unclear. The utility company was (and still is) sending directly to me on my domain, to my SME Server. Evidently their sever didn't try very hard to reach me...

The att.net accounts I am in the process of getting rid of and having all my mail come to my domain instead.

Thanks for the info guys!

[devtay]

Hi all,
I'm looking for some advice on administering an SME email server. I am setting one up for a small office. I know how to set up users and configure the DNS but I'm wondering what should be done next? Do I add their domain to any global whitelists? How do I insure that they don't end up on a spam list somewhere? Whats the best way to secure the SME email server? Should I set up a back up email server in case this one goes down? If so, can someone point me to a good howto on the subject? I would like to prevent as many problems as possible. Any advice would be greatly appreciated.

haymann,

I am a beginner too and had a lot of the same questions you have now. I would tell you these guys in the forums know what they are talking about. SME is out of the box, the best solution for the beginner. You don't have to worry about it being secure. When I started with my SME box, my domain was receiving about 15,000 emails a day with somewhere in the neighborhood of 100 spam emails per user being delivered (that is after spam filtering).

Since starting to use SME server, that number has dropped of to where I get maybe 3 spam emails a day (about 5000 ham/spam volume a day). SME's arrangement is a little difficult for some beginners to grasp due to the template system, but it gives you time to read the documentation and get familiar with qmail, spamassassin and contribs like qmhandle and fuzzyocr to name a few (and the rest of SME as well).

I have a backup service that caches my email for me when the server is down for whatever reason. The service sends the mail to me once my server is back up (example http://www.dyndns.com/services/mailhop/backupmx.html)  I don't use it, but it makes me feel better.

So, as for advice from one beginner to another, dig into the admin manual and get life with qmail. Also the spamassassin site has a lot of good stuff in it. Basically, I think if you are going to admin an SME server, you have to read the developer manual. The "new" wiki arrangement of contribs is a great resource. Sorry this was so long-winded. Good luck.

Devlin

[Jothand]

Thanks guys for all of your replies. I do appreciate them but I think I may not have made myself clear in my first post. I'm not actually a beginner. I have been using E-Smith/SME servers off and on for a few years now. Actually, I still have one of my older ones in production, I just checked and its running V5.5 and still chugging away. I know, I know, I need to update it. To be honest, its been running so good I'm afraid to update it. My Grandpa always used to tell me "If it aint broke, don't fix it." I just never used any of them as email servers. I usually disable that function. So I guess I am new to SME when it comes to administering one as a mail server. I just set it up for a small office with less than 10 users. They can all send and receive emails and they are happy. My problem is, what next? Are there any standard procedures I need to follow? I'm sure other email admins dont just set up a server and then sit back and wait for a problem to occur. How do I become proactive? I am totally oblivious to whatever responsibilities I have after the machine is up and running. Do I somehow announce to the world that "Hey, I am the admin for mail.mycustomer.com and it's ok to accept any emails from this domain because I followed all standard procedures?"  

I'm afraid that one day my customer will call me complaining that John Does company wont accept emails because their antispam mechanisms cannot determine if the email is legitamit or not. I would hate for this to happen just because I forgot to cross a t or dot an i somewhere.

Maybe I am overanalyzing my current situation, I tend to do that a lot. I just figured I would ask.

BTW, to be honest, it has been a looong time since I read the manual and I'm sure it has changed alot since then. I will make sure I RTFM.  

[CharlieBrady]

I'm sure other email admins dont just set up a server and then sit back and wait for a problem to occur.

I do.

[Jothand]

I'm sure other email admins dont just set up a server and then sit back and wait for a problem to occur.

I do.

Hmmmm...   I guess maybe I am overanalyzing this.