SBC suggestion for a mail server

  • Hello everyone


    as this is offtopic in terms of "NAS-relation", I am looking into configuring a domestic mail server (postfix centered, with all the "usual" complementary packages for IMAP, antispam, etc etc).


    My questions are:
    - which SBC should I choose ?
    - any suggestions in terms of linux based sw packages, barred the usual suspects ?


    Sheer performance, let's face it, is not an issue in my case:
    - Very few users (5-10 max)
    - Very limited traffic (way less than 100 emails per day)
    - 1TB mail archive space will be A LOT


    Reliability is much more.
    I want
    - a stable platform
    - to add redundancy (not necessarily an active-active cluster; something that I can bring up when the main one fails, even from remote, RTO 30 minutes, RPO 1 hour would be OK)


    Thanks in advance for any idea :)


    Ciao
    A.

  • Which SBC to choose... There are so many...


    Maybe this should be taken in reverse order. First, find a mail server that you like and see if it's supported by an Arm device. You could take a look at Yunohost which supports two different mail servers, Rainloop and Roundcube. From there, Yunohost will install on Armbian, so that would lead to the Armbian supported SBC's page. Of the supported SBC's there's a sliding scale; popularity, cost and availability at your location are variables you'd have to consider.


    If you're looking for a SATA port, for your 1TB of storage, the Odroid HC2 or the Espressobin might be of interest.


    As you've already noted, smoking performance is probably not necessary, so power consumption and cost might be your drivers. The Orange Pi's (supported models) are cheap on Aliexpress. That's not a recommendation, just an observation. If you go this route, be careful to match the hardware to what is supported by Armbian.


    For simplicity I'd agree with @JohnStiles ; I'd consider the Odroid HC2. A drive mounts to the HC2 housing/heatsink directly connecting to the SATA port. It's all nicely integrated.
    _________________________


    Raspberry Pi's will run a handful of mail servers. Google Raspberry Pi and mail server. There are plenty of guides for an R-PI.


    Hope this helps to get you started.


    **Edit: Yunohost has a few prebuilt images for SBC's and ISO installers.

  • In terms of supported mail server suites I was looking at iredmail as a first option. Apparently, it works on all platforms where Debian 9 or Ubuntu 18.4 work.
    I found no mention of ARM exceptions on their website.


    And yes the HC2 seems a good choice if a bit overkill.
    Indeed I already own 1 which I am using as an OMV nas machine for general repository purpose. Adding a second would be fine.
    Its sole drawback (as a nas) is its tendency to overheat a bit but I presume that my mailserver application would not stress it anyway so...


  • Sw packages: postfix, dovecot, spamassassin, clamav, spfquery, opendkim, amavisd-new, pyzor, razor, just to name main ones.


    Assuming you have two public fixed IP addresses, probably I'd go for an active-active cluster. It's just a matter of setting two MX records (one for each computer), and having two A records with the same name (i.e. imap.mydomain.com) pointing to your IPs. You'd need to keep mailboxes synced between SBCs, as emails could get delivered to any of them. Many options to choose: glusterfs, lizardfs, xtreemfs, dfs over samba, or maybe even a rsync cron job would do. Sure many of them are not available for arm.


    If both machines are going to be behind a single IP using NAT, and/or your IP address(es) is/are dynamic, then rent a VPS.

    OMV 4.1 on Debian 10 @ HP Microserver gen8 [2x 256GB SSD ZFS mirror on root + 3x 8TB ZFS raidz1 pool]
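
The DNS layout this post describes (two MX records plus one shared name carrying two A records), as an added example that is not part of the original post: a Python check run over a constructed zone snippet. The host names mx1/mx2, the documentation-range addresses and the simplified one-record-per-line zone syntax are assumptions.

```python
import ipaddress

# Constructed sample zone for the layout described above; the addresses are
# documentation ranges and mx1/mx2 are hypothetical host names.
ZONE = """\
mydomain.com.       MX  10 mx1.mydomain.com.
mydomain.com.       MX  10 mx2.mydomain.com.
mx1.mydomain.com.   A   192.0.2.10
mx2.mydomain.com.   A   198.51.100.10
imap.mydomain.com.  A   192.0.2.10
imap.mydomain.com.  A   198.51.100.10
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Parse 'name TYPE rdata...' lines into {(name, type): [rdata, ...]}."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        if len(fields) >= 3:
            records.setdefault((fields[0].lower(), fields[1].upper()), []).append(fields[2:])
    return records

def addresses(rec, name):
    """Return the set of A-record addresses published for a name."""
    return {ipaddress.ip_address(r[0]) for r in rec.get((name, "A"), [])}

def check_mail_redundancy(text, domain, shared_name):
    """Return a list of problems with the two-MX / two-A layout (empty = OK)."""
    rec = parse_zone(text)
    problems = []
    mx_hosts = {r[1].lower() for r in rec.get((domain, "MX"), [])}
    if len(mx_hosts) < 2:
        problems.append(f"{domain}: fewer than two distinct MX targets")
    mx_ips = set()
    for host in sorted(mx_hosts):
        if (host, "CNAME") in rec:
            problems.append(f"{host}: MX target is a CNAME")
        addrs = addresses(rec, host)
        if not addrs:
            problems.append(f"{host}: MX target has no A record")
        if any(a in net for a in addrs for net in RFC1918):
            problems.append(f"{host}: RFC 1918 address, not reachable by senders")
        mx_ips |= addrs
    if len(mx_ips) < 2:
        problems.append("MX targets do not resolve to two distinct addresses")
    if addresses(rec, shared_name) != mx_ips:
        problems.append(f"{shared_name}: A records do not match the MX hosts")
    return problems
```

An empty list from `check_mail_redundancy(ZONE, "mydomain.com.", "imap.mydomain.com.")` means both servers are published for delivery and for client access; each returned string names one gap, such as a server behind NAT that still advertises its private address.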

  • And yes the HC2 seems a good choice if a bit overkill.


    Indeed I already own 1 which I am using as an OMV nas machine for general repository purpose. Adding a second would be fine.
    Its sole drawback (as a nas) is its tendency to overheat a bit but I presume that my mailserver application would not stress it anyway so...

    If you don't want HC2 then maybe NanoPi Neo. Or rent a dedicated server or vps.
    https://www.kimsufi.com



    PS
    If HC2 is too hot then https://www.amazon.com/ARCTIC-…le-Portable/dp/B003XN24GY
    https://youtu.be/nqhOXCC3BbQ?t=47

  • In terms of supported mail server suites I was looking at iredmail as a first option. Apparently, it works on all platforms where Debian 9 or Ubuntu 18.4 work.

    For all intents and purposes, Armbian is a combination of Debian and Ubuntu with some tweaks for ARM. If iredmail is flexible enough to install on Ubuntu or Debian, there's a good chance it would run on Armbian.


    And yes the HC2 seems a good choice if a bit overkill.
    Indeed I already own 1 which I am using as an OMV nas machine for general repository purpose. Adding a second would be fine.

    For this reason alone, I would go with the HC2. Having two would give you a choice if one were to fail. (Run the mail server or the NAS.)
    Further, with an extra SD-card, you could test an iredmail install on Armbian before committing to buying a second HC2.

  • Assuming you have two public fixed IP addresses, probably I'd go for an active-active cluster. It's just a matter of setting two MX records (one for each computer), and having two A records with the same name (i.e. imap.mydomain.com) pointing to your IPs. You'd need to keep mailboxes synced between SBCs, as emails could get delivered to any of them. Many options to choose: glusterfs, lizardfs, xtreemfs, dfs over samba, or maybe even a rsync cron job would do. Sure many of them are not available for arm.


    If both machines are going to be behind a single IP using NAT, and/or your IP address(es) is/are dynamic, then rent a VPS.


    Depending on the VPS provider, the alternative is not such a secure one. Or am I overworrying ?


    I got "nothing to hide but my normal privacy". What I would like is a situation where my emails are not being used as a data pool to study my habits. How can I be sure the VPS provider doesn't share my data with anyone?

  • A vps provider has better things to spend his time and money other than sniffing traffic (or checking hard disk contents) from a cheap vps while you are not sending spam or otherwise breaking the law. They earn money renting you a vps. Google sniffs your email to earn money as they offer the email service for free.


    SMTP over TLS and an encrypted hard disk would take care of your fears.

    OMV 4.1 on Debian 10 @ HP Microserver gen8 [2x 256GB SSD ZFS mirror on root + 3x 8TB ZFS raidz1 pool]

  • I got "nothing to hide but my normal privacy". What I would like is a situation where my emails are not being used as a data pool to study my habits. How can I be sure the VPS provider doesn't share my data with anyone?

    For the same reasons, I run Pi-hole and my own recursive DNS server (Unbound). After chiming in on your quest for a mail server, I think I'm going to look into that possibility as well. Frankly, I'm tired of having my inbox polluted with "offers".


    The task would be a good use of an SBC or, potentially, a VM. Thinking about it, I just looked up iredmail on Docker hub. A Docker might be the way to go (maybe with a MacVlan interface).

  • It looks like a mail server/Docker for ARM architectures is out the window. Some of these packages, like Zimbra and Kolab, seem to be just too damxed complicated. They're more along the lines of "Groupware".


    So it seems that ease of maintenance, with a reasonable set of features is more appropriate. Of candidates that fit that description, Rainloop and Iredmail are supported by Docker and are getting updates. Iredmail seems more secure but a bit more complicated compared to Rainloop. Rainloop is very (Docker) popular, simple to configure - there's no back end database requirement, but seems to lack active measures for SPAM, virus infections and the like. I don't have any experience with either of the two.


    Does anyone have any experience to draw from?

  • Will a free ssl certificate (such as one gotten through letsencrypt) be "enough" in terms of safety?

    Since it's one's own mail server, I believe any valid SSL cert might do it, to include one that's self generated. (I think. :) )
    _______________________________


    Never having run a mail server, this is idle speculation:


    While virus detection is usually handled by the client side, it doesn't hurt to have at least some capability on the server side as well. It's SPAM rejection, as in automating it, that I believe may be of real importance. I'd hate to have to generate a blacklist from scratch. If there's a module already there, ready to handle the SPAM task, that would seem to be a bonus. Iredmail uses ClamAV, SpamAssassin and other security packages so that "seems" to narrow the two Docker choices down to "Iredmail".


    From a security perspective, I like the idea of running a mail server in a Docker for the isolation. Starting up a new container instance would clear a server compromise as well. But I hate the idea of forwarding internal ports to the world because they will be attacked. The port issue makes me think that a reverse proxy is almost a requirement.


    **Edit: Well, as it seems, a reverse proxy for a mail server seems to be counter to the design intent. About the best way the server could be hidden seems to be by relaying through another server.


    This is going to take more research....
