# Howto Mailserver for home network wanted/comments wanted

## fangorn

Hi,

I am searching for a document that shows how to set up a mailserver for a home network of <10 boxes with <20 users.

All I can find is either single machine or business class (scales up to >10000 users, depending on hardware) and with all the bells and whistles to be another gmail.com or web.de.   :Twisted Evil: 

Both approaches are inadequate for what I am trying. I want a group of people to be able to access their emails at every computer throughout the (well guarded, wired) local network, regardless of what email service it was sent to (local server, isp, webmail, ...). Besides fetching mails and sending mails to external addresses through ISPs' SMTP servers, there will be no interaction with the internet.

I am looking for: 

Just one domain, no virtual domains or aliases

Just some users from /etc/passwd on the server, no dynamic user addition necessary

Only local access of known users, no direct connection to the Internet. The server is physically independent of the router/firewall machine

Network is behind a router and firewall, so no special security/authentication for access inside the local network is needed

Server and clients are trusted so ssl certification is only optional

local email access may be optionally encrypted but it should not be necessary

Spamfilter and Virus detection are only needed for external email fetched from ISPs/Webmail

Emails going to external addresses are sent through one provider's SMTP server

External client access from the internet through the router is only an option and could be realized by ssh tunneling

Does anybody here know of a howto of that kind or if none exists, is anyone interested in cooperation for setting up such a howto? I can't believe there is no need for such a setup. I for my part do not wanna jump through unnecessary hoops especially when it comes to such nontrivial projects as a mail server. If we have to write it it must be clear to all readers, that this setup is not intended to be reachable from the internet.

Edit: I am seeking assistance in case the howto has to be written, because I am not into the mailserver stuff enough to be sure that a given setup is correct/secure enough. I can set up a configuration, but before making it official a review is needed. And also it could save me a serious amount of time when discussing the problem with a knowledgeable mailserver pro beforehand.  :Wink: 

----------

## fangorn

Is there really no need for a setup like this? No communities out there who wanted to standardize email handling? No families of nerds with more than one computer? Am I the only one that runs up to five boxes for himself, machines for relatives not counted in?  :Rolling Eyes: 

Or is it a bad idea? If so, could someone please tell me, why I should go through all the hassles of building a Mail server fit for full exposure to the internet when only working "behind bars"?

----------

## Jaglover

 *Quote:*   

> Both approaches are inadequate for what I am trying. I want a group of people to be able to access their emails at every computer throughout the (well guarded, wired) local network, regardless of what email service it was sent to (local server, isp, webmail, ...). Besides fetching mails and sending mails to external addresses through ISPs' SMTP servers, there will be no interaction with the internet.

 

You have to put it together from pieces, the way you ask this does not encourage anyone to reply (sorry).

Basically, you need an MTA for sending, be it Postfix or something else. Then you need something fetchmail-like to pull all the mails for your users from different servers out there (needless to say, this delays mail delivery because you cannot fetch it every minute for everybody from everywhere). Then you need some webmail app (such as Squirrelmail) running on top of it to make it accessible from everywhere. The alternative here is IMAP, but this means all your users have to log in before they can read their mail. You didn't tell us how you have this set up. Are home directories on an NFS server? In this case even POP3 would work.

I'm still not sure I understood your problem.
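An added example, not part of the original thread and not any poster's configuration: a Postfix `main.cf` sketch for the LAN-only server described in the first post, with the MTA role outlined above (local delivery for `/etc/passwd` users, outbound mail through one ISP smarthost). Every host name, address, port and file path in it is a placeholder assumption.

```ini
# /etc/postfix/main.cf (constructed example; all names and addresses are placeholders)

# One internal domain, no virtual domains
myhostname = mail.home.example
mydomain = home.example
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

# Recipients are the system accounts: the default local_recipient_maps
# already looks users up in /etc/passwd, so no user database is needed.
# Maildir delivery is an assumption that suits an IMAP server.
home_mailbox = Maildir/

# Listen only on loopback and the server's LAN address, never on all interfaces.
# Being behind a router is not the same as not listening: if a port forward is
# ever added by mistake, this server must still refuse to relay for strangers.
inet_interfaces = 127.0.0.1, 192.168.1.10
mynetworks = 127.0.0.0/8, 192.168.1.0/24
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# All external mail goes to the ISP's SMTP server. The brackets disable the
# MX lookup. Port 587 with mandatory TLS is assumed here, because this hop
# crosses the internet and carries the ISP account password.
relayhost = [smtp.isp.example]:587
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# The internal domain does not exist outside the LAN, so rewrite sender
# addresses on outbound mail to each user's real ISP address, e.g. a line
# "alice@home.example  alice@isp.example" in /etc/postfix/generic.
smtp_generic_maps = hash:/etc/postfix/generic

# fetchmail by default hands fetched mail to the SMTP server on localhost
# port 25, which is covered by the loopback entry in mynetworks above.
```

The two `hash:` tables have to be built with `postmap` after editing, and `sasl_passwd` should be readable by root only since it holds the ISP credentials in clear text.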

----------

## fangorn

Sorry that my text so far was a little imprecise.

I already know what parts I need. I set up a trial mailserver according to one of the "industrial grade mailserver howtos" with virtual mail-domains and user configuration once. It took me some weekends and stopped working after a quite short amount of time. I didn't get it repaired.

I am atm. planning to set up a new mailserver. As I have other things to do already, I don't want to waste time for something others already have done and shared with the community. If no one has done that I am willing to invest the time to write up a little howto myself.

As I already wrote, I feel competent to set up a system that will work. And I can write up a small howto for others to copy my steps. What I don't feel competent about (I invested much more time into the sector of video conversion so far, which leaves my knowledge about network services pretty basic) is the question if the setup is 1. secure enough, 2. fully featured, 3. the write up is accurate and extensive enough.

What I intended to ask (sometimes I lose perspective when typing  :Rolling Eyes:  ) is: 

Is all this security really necessary in a guarded home network?

If it is, why?

If it is not: Has someone set up a system and written down some instructions already?

If no one has already written down something, I wanted to ask for a discussion here, what security settings are still necessary and what switches definitely to activate. How that is pinned down into package configuration is another question, that I will have to fiddle out on my own anyway.

----------

## John R. Graham

Well, there's this topic:  Email System For The Home Network - Version 2.1.

- John

----------

## fangorn

That is exactly what I meant with "industrial level mail server". For the intended usage this is like frying chicken with an atomic bomb. It has certification, authentication, multiple dynamic aliased domains, dynamic user addition, ... All things that are needed for a mailserver to survive "out in the wild" of the internet, but just complicate a simple task for the usage intended.

In my scenario a new user is born or "married in", so there "may be" time for a scheduled downtime   :Wink:  The only domain needed is not even known to the outside world. I just don't see the need for all that voodoo for the internal mail traffic. 

Another problem is the fetching of external mail and delivering to external addresses via SMTP. But I seem to remember that you can tell fetchmail to scan incoming mails. I think that is also possible for outgoing mails.

If the client wants to encrypt/sign external email, that is another topic. But why authenticate a few well known users for the internal mail transfer? The boxes are of such small number that I will set up all the client software myself. In fact I will have to, because I am "the administrator". (for the whole family   :Twisted Evil:  You know the phrase "or ask your system administrator"?)

----------

## John R. Graham

Well then, perhaps we can collaborate.  I'd like to get such a thing set up also.  All I have working right now is that my servers send administrative messages via a commercially hosted SMTP server to my commercially hosted main email account.  For that, mail-mta/ssmtp suffices.

- John

----------

## Ant P.

My setup is one server running postfix for the internet-facing side and dovecot to access it over the LAN (via IMAP). All the howtos I've read are a bit intimidating, all you really need is the comments in the config files.

----------

## figueroa

Actually, I think you'll find that the guide at: https://forums.gentoo.org/viewtopic-t-56633.html for "Email System For The Home Network - Version 2.1" is actually scalable to do exactly as you wish.  When you install courier-imap it will install both POP and IMAP servers for you in both SSL and non-SSL flavors.  You can choose to use as much or as little security as you need.  Just follow those parts of the well-written instructions that suit your needs and tweak them to apply or not apply security for your internal network.

However, if you follow the guide as written, you'll have a fine, low-overhead, small email system you can let your family access from within or outside of your network with credible security.  I have had this running on two servers for almost three years with great reliability.  My external server (church and school) has eight very active and two inactive users. (The author believes this system would be cumbersome with more than five users, but that doesn't play out in my experience, at least not with a stable population of users.)

----------

## JC99

I wrote this guide a while ago on the Gentoo-wiki describing how to setup a basic mail system.

It should get you up and running and you can build a more complex system as you learn/read more.

I have been using this setup for years on my home network with 3 users and have never had a problem.

If you don't want webmail and/or want to use something else for spam you can ignore the second half of the article -> "Apache with PHP", "Squirrelmail" and "SpamAssassin".

You can access your mail with your favorite email client via IMAP. I am not sure how to set it up with pop3 as I have never needed to use that before but I am sure someone here could help you with that.

Hope this helps...

----------

## fangorn

Thanks for the answers. 

@figueroa

It is just that I did set up such a server once and failed miserably in

a. making it stable 

b. scaling it down to a manageable setup  :Rolling Eyes: 

@EvilEye

Pop is not an option, as the users shall be free to change the client without any hassles. Indeed I do not plan on using Squirrelmail as every user has their preferred Email client.

I've quickly read across your wiki article. It is basic enough to be easily implemented. But it does not detail too much on reasons and configuration details.   :Wink:  Maybe we can cooperate in appending some details for fetchmail, virus-scan, ... up to client configuration?

----------

