Setup secure email server

giggs · 10-04-2018, 04:52 AM

Hi all,

I'm new to Linux but want to experiment on how to set up a secure email server using centos 7.

Can anyone help, please?

Cheers

TenTenths · 10-04-2018, 05:06 AM

So what have you done so far and what problems are you having?

Turbocapitalist · 10-04-2018, 08:01 AM

First check to make sure that your planned IP address is not on any of the spam blacklsits. If it is, arrange for a different address.

Then you'll probably want to read up on SPF, DKIM, and DMARC to know what they do and plan how you will use them.

Then read up on exim, postfix, and qmail and pick one to start to work with for SMTP. Also look into Dovecot or Cyrus for IMAPS.

giggs · 10-05-2018, 03:03 AM

Hi,

To set up a secure email, what are some of the security hardening requirements and security controls I could implement in Linux to achieve the requirements.

Need help.

Turbocapitalist · 10-05-2018, 03:06 AM

We don't do your homework around here but we can help you over the hard parts if you show what you have tried and where you have gotten stuck. How far did you get in reading about SPF, DKIM, and DMARC?

descendant_command · 10-05-2018, 03:56 AM

Expand on your ‘requirements’.
Define “secure”.

giggs · 10-05-2018, 04:04 AM

What I mean by "secure email" is to implement a fully protected email service which I guess would use Postfix and Dovecot.

I just need guidelines, what to install 1st and so forth then I'll start exploring Linux. Am new to Linux but want to learn more about this operating system.

Turbocapitalist · 10-05-2018, 04:41 AM

Mail is more planning than installing. Installation goes in a second or two, that's not the challenge. Setting up MX records and configuring SPF, DMARC, and DKIM are more complicated. Also, be sure to check the blacklists to ensure your IP address is not on them. Otherwise, once you are up and running your mail will be blocked and the domain tainted as a spammer, in practice forever.

Now that you are basing your project on Postfix, what questions do you have from the official documentatoin, especially on setting up TLS?

TenTenths · 10-05-2018, 04:44 AM

Pick a distro
Find the appropriate security hardening guidelines for it (hint, you may find more for commercial distros like RedHat and its companion CentOS)
Pick an audit standard (if you're feeling really lucky go with PCI-DSS 3)
Once you've hardened your O/S to the relevant levels repeat the same exercise with Postfix and Dovecot.

Your favourite search engine is your friend here.

If you're asking for personal recommendations then use CentOS and follow the CIS Benchmarks

Turbocapitalist · 10-05-2018, 04:49 AM

Quote:

Originally Posted by TenTenths

Pick a distro
Find the appropriate security hardening guidelines for it (hint, you may find more for commercial distros like RedHat and its companion CentOS)

Canonical's Ubuntu is also a fine commercial distro and the Long Term Support releases have five years of support. Some may find it much easier to maintain. YMMV. Either way stick with a distro that will have some years of support before forcing upgrades.