Features #1

Closed
wesley974 opened this Issue May 24, 2018 · 77 comments

wesley974 commented May 24, 2018

Let's discuss the features we need to implement.
And start to fill the README.

Thanks to @jaypatelani @vetelko @teatkin @qbit and @romanzolotarev for joining!!

wesley974 changed the title from "Features, Todos List" to "Features" May 25, 2018

wesley974 commented May 25, 2018

What about the following?

  • Multiple domains support with only one admin
  • Work on OpenBSD 6.3
  • Maildir format
  • MTA : OpenSMTPD
  • DKIM support
  • Antispam : spamd with spf walk
  • MDA : Dovecot
  • POP3 / IMAP Protocol
  • Manage Sieve
  • MUA : Roundcubemail
  • Web Server : httpd
  • Let's Encrypt certificate
  • Packet Filter
  • CLI to manage domains/users and spam, monitoring (cpu, mem, free space, used space per user)
  • Installer (a mix of shell scripts)
  • Full comments on any scripts and configuration files
  • Describe how to backup & restore your server

mhekeler commented May 25, 2018

I would opt for a KISS concept.

Meaning using plain text files wherever possible. (-> This means store the users, passwords, rules in plaintext - no databases).
But it depends on who should admin the mailserver: the root of the box or the mailuser? Should the project result in a system that

  • is set up by me serving multiple clients, or is the goal of the project something
  • like an adminpanel where a client can configure his maildomain (add mailboxes, create mappings... - something like Confix or Plesk)?

I think this design question comes first, because if root (or any other system user) manages the mailbox then he can easily fire up vim /etc/mail/foo, but if the owner of the maildomain manages it then this user has no permissions in the filesystem and we need a database.

Right?

wesley974 commented May 25, 2018

I can see 2 cases:

  • We host multiple domains, so it will be best to enable a user to administrate his own domain using a CLI or a GUI.
  • We host only one domain, so 'root' can be used to administrate.

mhekeler commented May 25, 2018

But isn't there a 3rd case?

  • We host multiple domains, and 'root' is the only one to administrate.

This use case is what I do on my servers.
I have clients that are not techie people. They don't know how to set up a mailbox. They don't even know exactly what they want. They only know that they want to "send and receive a letter via internet".

...and in the end I don't want them to create mailboxes, email addresses or passwords on my machines. I want to do it myself, so I can be sure that it is set up correctly and then I can give support.

teatkin commented May 25, 2018

I think what we need is #3 where one person administers the extra domains from the root account but will fall back to #1 with the default domain if the users don't want/have their own domain

wesley974 commented May 25, 2018

Ok it will be great if we can discuss with the others about this

  • We host multiple domains, so it will be best to enable a user to administrate his own domain using a CLI or a GUI.
  • We host multiple domains, and 'root' is the only one to administrate.
  • We host only one domain, and 'root' is the only one to administrate.

teatkin commented May 25, 2018

If we allow more than 1 domain, we definitely need a fallback

wesley974 commented May 25, 2018

Keeping this one

"We host multiple domains, and 'root' is the only one to administrate"

It simplifies a lot. We can stay on plain-text files. And perhaps take inspiration from the OpenSMTPD FAQ.
And even complete the FAQ for a full-featured mailserver!

jaypatelani commented May 25, 2018

I think we keep only one domain ..

wesley974 commented May 25, 2018

Installer could let you choose between 2 models (Single | Multiple Domains).

teatkin commented May 25, 2018

I am somewhat inclined to agree with @jaypatelani. I think we need to keep this like a "corporate" email and then it can be used as a template for other people who want to use their own domain

wesley974 commented May 25, 2018

@jaypatelani @teatkin there are already many full examples of such configuration on the web.
It will be awesome to try to complete the OpenSMTPD FAQ, turn this into a full-featured mailserver.
That said, it's just my opinion, we need to debate :-)

mhekeler commented May 25, 2018

I think it doesn't change much whether there is a single domain or multiple domains.
I think the only thing that would require the design to change is if there are multiple administrators with different permissions.

wesley974 commented May 25, 2018

We go for multiple domains support with only one admin.
Right?

mischapeters commented May 25, 2018

Great idea to fully document a total solution. I have been meaning to rework PostfixAdmin to (Open)SMTPdAdmin. But from a README perspective I would suggest to indeed go for a single admin. If you have managed to get the setup running, changing the setup for multiple admins is going to be the easier part. ;)

mischapeters commented May 25, 2018

As for anti-spam I would suggest to focus on spamd and not rspamd or SpamAssassin.

wesley974 commented May 25, 2018

Questions:

  • Why SpamAssassin instead of rspamd?
  • spamd in blacklist mode or greylisting mode?

mischapeters commented May 25, 2018

Wasn't clear enough... not rspamd and not SpamAssassin. :)
spamd in greylist mode including spf walk to whitelist the big mailers.

tvlooy commented May 25, 2018

What will the examples look like? I built an example 3 node OpenBGPd setup that can be started with Vagrant and is provisioned with ansible. It's minimal but does its job: https://github.com/tvlooy/openbsd_examples/tree/master/bgp_ansible I'm not sure if vmm for Vagrant already works (my example uses VirtualBox), but if that's the case it seems to me like a good solution?

mischapeters commented May 25, 2018

Thank you for the invite. As for MTA, I would suggest OpenSMTPd and use as much in base as possible. Which is also the reason I suggested spamd. Provides pretty solid anti-spam, especially now with spf walk.

wesley974 commented May 25, 2018

@mischapeters you're welcome. OK for OpenSMTPD.
Regarding spamd, I'm by no means a 'greylist' supporter; at work we have clients that complain about delays receiving new emails.

@mhekeler OK for multiple domains support with only one admin.

wesley974 commented May 25, 2018

@tvlooy the examples I talked about:
ansible-role-mailserver from gonzalo (single domain support)
caesonia project from vedetta (complex)

stevelord commented May 25, 2018

I'm glad someone pointed out caesonia before I did. All I'd ask is for a mailing list manager and archive as part of the setup.

mhekeler commented May 26, 2018

@wesley974 the link to caesonia project is wrong (an "L" too much ;-))

mhekeler commented May 26, 2018

I would opt for no antivirus on emailserver.
Antivirus software users (usually) have the service running on their client.
...to be honest I think that an emailserver should just transport (=what goes in should come out).
And BTW: is there anyone that wants to do antivirus properly that relies on ClamAV?

wesley974 commented May 26, 2018

@mhekeler thanks, corrected! (i.e. the link); OK for no antivirus protection.

stevelord commented May 27, 2018

Also further to @jaypatelani and @taoeffect, I run Mailu. The whole setup and interface is pretty awesome. However, I have absolutely no idea what code is running on that mailserver at any point in time, which is also pretty terrifying.

I plan to move it to OpenBSD at some point, but I'm going to miss that nice web interface.

alphacc commented May 27, 2018

For the sake of history, https://github.com/mailserv/mailserv/ had a really simple/nice/powerful admin interface. I was a paid customer of @allard's offering; it was a very nice tool.

wesley974 commented May 27, 2018

Can I have your choice (everyone)? Keep things simple with a minimum of installed packages and a CLI, or try to port 'mail-in-a-box' or 'mailu' to OpenBSD?

wesley974 commented May 27, 2018

@alphacc I used it also, and I have a running 6.0 version: https://github.com/wesley974/mailserver
With a script to upgrade to 6.3; and yes, the admin console in Rails is a powerful one!

teatkin commented May 27, 2018

A very well commented and explained set of config files and maybe roundcube (I've been meaning to learn BCHS, maybe here's a project for me) and some ksh scripts. I like mail-in-a-box type projects but they black box the user somewhat (in that the user likely never looks at the source to know what their server is doing)

stevelord commented May 27, 2018

If I could make a suggestion:

  • Consider who the ideal users are going to be, their systems experience and skill levels
  • Consider an upgrade path (e.g. OpenSMTPd grammar change, release vs current)
  • Consider ease of deployment and ease of understanding what's going on underneath

My personal preferences:

  • Assume users are using Vultr//, and are Linux users unfamiliar with OpenBSD, SMTP, DNS etc.
  • Ansible for deployment, comment everything. Heavy focus on modular, concise documentation in code and site. No magic, no black boxing.
  • Base where possible (smtpd, httpd, spamd), tracking RELEASE so they upgrade once a year

I would include a walkthrough of setting up the install on a VPS on Vultr with a domain from a specific provider as part of the docs.

Those are just my personal prefs but it's your train set. I can help out with docs on DNS and SMTP integration and client configuration, but I know little about the underlying code (aside from Dovecot, httpd, acme-client and Roundcube)

wesley974 commented May 27, 2018

We will need to make a decision soon. So give me your suggestions and we will decide together on which one we'll go with.

mischapeters commented May 27, 2018

I guess it all depends on how complete / complicated you want to make this? I personally would be against adding Ansible or any orchestrator in the mix. OpenBSD defaults are sane and don't require a lot of tweaking. Installing a bunch of packages can even be done with a single command.

My suggestion would be to focus on the base functionality first. Incoming/Outgoing/Reading with a level of security and Anti-Spam. Anything beyond that, GUI, Ansible, Monitoring, Quota support etc... should be outside of the initial scope and a follow-up jumpstart maybe?

Jumpstart Mailserver, part 1
Jumpstart Mailserver, part 2 -> Make it fancy!

:)

stevelord commented May 27, 2018

I mentioned Ansible, because large shell scripts tend to be full of the magic we should avoid. However, as long as the result is reasonably sane, modular and can avoid the magic, I'm all for it.

kr1pt0ph0b14 commented May 27, 2018

My suggestion is: a Monitor page would truly be useful and needed. Showing statistics on CPU/MEM/SWAP/Disk Space/Total users/Disk Usage on Domains.
Quotas/disk usage limits per user/domain are also well needed on mailservers usually. Especially when they run on limited VPSs.

mischapeters commented May 27, 2018

IMHO it doesn't really involve mail as such. I believe the premise for the document will be single admin, single domain. I agree that monitoring would be useful but is not specifically related to mail. These days storage is cheap, even for a VPS.

wesley974 commented May 27, 2018

So, do you all agree with the following?

  • Multiple domains support with only one admin
  • Work on OpenBSD 6.3
  • Maildir format
  • MTA : OpenSMTPD
  • DKIM support
  • Antispam : spamd with spf walk
  • MDA : Dovecot
  • POP3 / IMAP Protocol
  • Manage Sieve
  • MUA : Roundcubemail
  • Web Server : httpd
  • Let's Encrypt certificate
  • Packet Filter
  • CLI to manage domains/users and spam, monitoring (cpu, mem, free space, used space per user)
  • Installer (a mix of shell scripts)
  • Full comments on any scripts and configuration files
  • Describe how to backup & restore your server

mischapeters commented May 27, 2018

Has my vote

vetelko commented May 27, 2018

Has my vote

Synchro commented May 27, 2018

That list makes it even more worthwhile looking at mailinabox. The only differences are:

  • Running on OpenBSD
  • Using OpenSMTPd instead of Postfix
  • Using httpd instead of nginx

There's a vast amount in common and it works in pretty much the same way - all standard packages, held together with minimal shell scripts.

mailinabox also has full DNS control (which allows it to automate SPF and DKIM config), including complete DNSSEC support. It also integrates NextCloud, so it has shared address books, calendars, file sharing etc.

wesley974 commented May 27, 2018

Waiting for more confirmations to close this first issue.

law commented May 27, 2018

Do we want to have JMAP support?

aminb commented May 27, 2018

👍 from me as well for the list. However, along with SPF I'd also add DMARC too.

law commented May 27, 2018

+1 for DMARC/SPF/DKIM. I missed that in my initial read-thru.

aminb commented May 27, 2018

Yeah JMAP would be nice too, but I believe Dovecot doesn't support it yet, no?

yukiisbored commented May 28, 2018

I think supporting JMAP doesn't add much (yet). We can consider it a stretch goal.

yukiisbored commented May 28, 2018

I would suggest doing milestones for this project instead of getting all of them done.

For example:

  1. Basics: Basic OpenSMTPd setup with Dovecot
  2. User Experience: Roundcube
  3. Spring Cleaning
  4. Security: Let's Encrypt, DKIM
  5. Spam control: Spamd
  6. Spring Cleaning
    etc

kr1pt0ph0b14 commented May 28, 2018

The list has my vote. Will STARTTLS, SSL/TLS encrypted IMAP/POP3/SMTP all be supported?

wesley974 commented May 28, 2018

@deksar sure.

jaypatelani commented May 28, 2018

+1

mhekeler commented May 28, 2018

Regarding @wesley974's list:

What's the purpose of No. 11: "Web Server : httpd"?
I thought this project should result in deploying a mailserver?!?

Does it mean the http part for the Let's Encrypt acme challenge?

wesley974 commented May 28, 2018

@mhekeler a full mailserver includes a webmail like, for example, Roundcube, so httpd + Let's Encrypt certificate

wesley974 closed this May 28, 2018

mhekeler commented May 28, 2018

@wesley974 I understand

but isn't the webmail more like a "client task"?
Is the project going to build a full mailing solution like the often mentioned mailu/mailcow/iredmail/ispmail/mail-in-a-box/...
with server + (web-)client and configs managed by a nice GUI (web framework)?

wesley974 commented May 28, 2018

no more than listed.
