[TUHS] Who is running their own mail server and what do you run?
norman at oclsc.org
Fri Sep 22 06:05:05 AEST 2017
I run my own mail server, on systems in my basement.
It is a setup that no one in their right mind would
replicate, but the details may actually be proper for
A firewall/gateway system runs a custom SMTP server,
which can do simple filtering based on the SMTP envelope,
SMTP commands, calling IP address and hostname. It is
also able to call external commands to pass judgement on
a caller or a particular message.
If mail is accepted, it is passed through a simple
MTA and a stupidly-simple queueing setup (the latter
made of shell scripts) to be sent via SMTP to a
different internal system, which uses the same SMTP
server and MTA to deliver to local mailboxes.
Outbound mail is more or less the obvious inverse.
I have put off naming names for dramatic effect. The
two systems in question are MicroVAX IIIs running
my somewhat-hacked-up version of post-10/e Research
UNIX. The MTA is early-1990s-vintage upas. The SMTP
server, SMTP sender, and queuing stuff are my own.
I wrote the SMTP server originally not long after I left
Bell Labs; I was now in a world where sendmail was the
least-troublesome MTA, but in those days every month
brought news of a new sendmail vulnerability, so I wrote
my own simple server to act as a condom. Over time it
grew a bit, as I became interested in problems like
what sorts of breakin attempts are there in real life
(back then one received occasional DEBUG or WIZ commands,
but I haven't seen any since the turn of the century);
what sorts of simple filtering at the SMTP level will
get rid of most junk mail. The code is more complicated
than it used to be, but is still small enough that I am
reasonably confident that it is safe to expose to the
The SMTP sender and the queueing scripts came later,
when I decided to host my own mail. Both were designed
in too much of a hurry.
There is no official spam filtering (no bogofilter or
the like). A few simple rules that really just enforce
aspects of the SMTP standard seem to catch most junk
callers: HELO argument must contain at least one . (standard
says it must be your FQDN) and must not be *.* (I see dozens
of those every day!); sender must not speak until my server
has issued a complete greeting (I follow Wietse Venema in
this: send a line with a continuation marker first, then
sleep five seconds or so, then send a finish). I also
have a very simple, naive greylisting implementation that
wouldn't work well for a site with lots of users, but is
fine for my personal traffic. The greylisting is implemented
with a pair of external shell scripts.
I have had it in mind for a long time to consult the Spamhaus
XBL too. It would be easy enough to do with another plug-in
shell script. There are stupid reasons having to do with my
current DNS setup that make that impractical for now.
The mail setup works, but is showing its age, as is the
use of Research UNIX and such old, slow hardware as a network
gateway. One of these years, when I have the time, I'd like
first to redo the mail setup so that mailboxes are stored
on my central file server (a Sun X2200 running Solaris 10,
or perhaps something illumos-based by the time I actually
do all this); then set up a new gateway, probably based on
OpenBSD. Perhaps I should calculate how much hardware I
could buy from the power savings of turning off just one of
the two MicroVAXes for a year.
I have yet to see an MTA that is spare enough for my taste,
but the old upas code just doesn't quite do what I want any
more, and is too messy to port around. (Pursuant to the
conversation earlier here about autoconf: these days I try
to need no configuration magic at all, which works as long
as I stick to ISO C and POSIX and am careful about networking.
upas was written in messier days.) At the moment I'm leaning
toward qmail, just because for other reasons I'm familiar with
it, though for my personal use I will want to make a few changes
here and there. But I'll want to keep my SMTP server because
I am still interested in what goes on there.
More information about the TUHS