So I have my mail server up and running, and that is good news. The bad news is that the server needs a lot more work, and some of it will become never-ending processes.
I cannot cover every single detail here because every system has its unique setup and requirements. But here I list a few things you may want to keep an eye on.
Keep the IP off blacklists
The public IP of the email server has to be a clean IP. If not, your mail will be rejected by the receiving mail server. To check your IP, go to: http://mxtoolbox.com/blacklists.aspx
Firewall
As soon as you put your server online, you will see lots of hacking activity for sure. Some try to gain access to your system, some try to relay spam email through your mail server.
Although I have Fail2ban installed, it still needs a lot of attention to keep this hacking activity out.
Backup MX server
Most people opt to build one or more backup MX servers. So when your main server is offline, the backup MX server will catch all incoming emails. Once the main server is back online, the backup MX server will relay all queued mail to the main server so you don’t lose emails.
Backup and recovery
I did not cover details about backup and recovery. As a system administrator, this is a basic task, and you have to have an emergency plan for your system and data.
Audit and monitoring
You should monitor the system actively. Read the log files, check the system. Here MailWatch will help a lot. But you may still want to set up a monitoring system, such as Nagios, Zabbix or similar.
Non-forwarding caching nameserver
You may see SpamAssassin score a lot on “URIBL_BLOCKED”, which may cause wrongful blocks of normal emails. The solution is to use a non-forwarding caching nameserver.
See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.
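An added example (not from the original post) that serves both the blacklist check and the URIBL_BLOCKED note above: it builds the DNS name a blocklist lookup uses and separates a real listing from an answer that only means the list refused the query. The zone names, the refusal codes (taken from the list operators' public documentation) and the function names are assumptions, not something this post specifies.

```python
import ipaddress
import socket

# Answers that mean "query refused", not "listed". Values are from the list
# operators' public documentation (not from this post); re-check before use.
REFUSED = {
    "multi.uribl.com": {"127.0.0.1"},  # SpamAssassin reports URIBL_BLOCKED
    "zen.spamhaus.org": {"127.255.255.252", "127.255.255.254", "127.255.255.255"},
}


def query_name(item, zone):
    """DNS name to look up: reversed IP (or plain domain for URI lists) + zone."""
    try:
        ptr = ipaddress.ip_address(item).reverse_pointer
    except ValueError:
        return f"{item.strip('.').lower()}.{zone}"
    # reverse_pointer ends in .in-addr.arpa or .ip6.arpa; keep only the labels
    return f"{ptr.rsplit('.', 2)[0]}.{zone}"


def classify(zone, answers):
    """answers: A records returned for query_name(); empty list means NXDOMAIN."""
    if not answers:
        return "clean"
    if set(answers) & REFUSED.get(zone, set()):
        return "refused"  # resolver problem (forwarded/shared DNS), not a listing
    if all(a.startswith("127.") for a in answers):
        return "listed"
    return "unexpected"  # e.g. a resolver that rewrites NXDOMAIN answers


def lookup(item, zone):
    """Live check through the system resolver (needs network access)."""
    try:
        answers = socket.gethostbyname_ex(query_name(item, zone))[2]
    except OSError as exc:
        if exc.errno != socket.EAI_NONAME:
            return "lookup-failed"  # timeout or SERVFAIL is not proof of "clean"
        answers = []
    return classify(zone, answers)


if __name__ == "__main__":
    # 192.0.2.25 is a documentation address; use the server's public IP instead
    print(lookup("192.0.2.25", "zen.spamhaus.org"))
```

A "refused" result points at the resolver path rather than at the mail server's reputation, which is the situation the non-forwarding caching nameserver addresses.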
Update system
When I built my first email server (Postfix, Courier and MailScanner), I had lots of packages compiled and installed manually. This gave me lots of headaches later when I tried to update them. I had to re-compile or patch them carefully, and sadly sometimes things went wrong.
Now on the new system, I used YUM to install almost all of the packages. This makes it easy to update the system.
Fine-tune the system
Another never-ending task is fine-tuning the system. Like I said before, an email server is complicated. For example, by default MailScanner blocks attachments with double extensions (e.g. mydoc.bat.doc). But at my company we do have some legitimate files which have double extensions. This requires adjusting MailScanner’s configuration file to let these files pass the spam check.
Quick links:
- Part 1: LEMP
- Part 2: Postfix and Dovecot
- Part 3: MailScanner and MailWatch
- Part 4: SPF, DKIM and DMARC
- Part 5: Roundcube Webmail
- Part 6: Afterthoughts