28th December 2016
Preparing to dismantle my physical server (and move different hosted things to one or more VPS),
I’ve realized that an email server is necessary: to send website-generated emails, and also
receive a few rare contact requests arriving at the websites.
My current email server was configured eons ago, it works well,
but I have no desire to painfully transfer all the configuration…
Better install something new, shiny and exciting, right?
I had 3 #self-hosted, #mail-server bookmarks:
(Sovereign, the 4th one, was addded after reading more about Mail-in-a-box.)
Here are my notes on what seemed important about these 4.
- has free and paid web-UIs
- no DNSSEC, DMARC, HSTS
- amavisd with clamav
- has useful manual parts
- not attractive
- less sophisticated than Sovereign or Mail-in-a-box
- web-UI, also for amavisd filters
- overall: focuses on better UI
- has useful manual parts
- recent (experimental?) LetsEncrypt support
- has (some) unit tests
- not that attractive
- has more than I need, but components can be deactivated
- has EncFS support (useful, but questionable because of reboots…)
- no dedicated web-interface, configs are text
- has proper testing against a vagrant virtual machine
- can be dockerized using github.com/kisamoto/dancible
- attractive as “the next solution”, or to borrow EncFS support
- the most sophisticated email server (except for EncFS which is not used here)
- simple but useful web-UI
- no amavisd, clamav, UI for filters
- has good relaying manual
- more or less requires a separate machine (overwrites configs?)
- has no well-established testing, not even for development; this is being worked on as of New Year 2017
- problems with owncloud (which I don’t really need)
- hub.docker.com/r/mtrnord/mailinabox/ , github.com/mail-in-a-box/mailinabox/blob/docker/containers/docker/run
- postscreen is not yet configured, it is not obvious if it were beneficial
- the most attractive; might be reasonable to fork and modify (e.g. drop owncloud?)
MIAB appeared really attractive,
but then – do I really want to dedicate one of the VPS to the mail server only?
Not in my case – too low emails volume/traffic.
So running it in an LXC (or some other) container would make sense.
And this is actually possible, some of the users over at MIAB’s discussion forum
have been running MIAB inside docker container for over a year now with no issues.
(An extra upside is that web-UI can be left unexposed, preventing external access to it.)
A possible long-term downside is, of course, lack of tests – Sovereign looks much better in this regard.
Sovereign looks very good overall. In fact, MIAB feels like
“Sovereign’s email component + webui for it” (MIAB was inspired by Sovereign).
One extra MIAB-specific feature is DNSSEC support.
MIAB takes on the role of your nameserver, and thus is able to setup (and refresh, when necessary)
all the DKIM/DNSSEC/etc-relevant DNS records for you.
As soon as I’ve started adding “containerization” to the mix, dozens of other projects entered my field of view:
- github.com/indiehosters/email, inspired by MIAB, looks ok; lacks webmail, fail2ban, SPF, DANE, DNSSEC, but uses vimbadmin instead of a custom-coded MIAB UI
- github.com/tomav/docker-mailserver looks great! No UI, no SQL backend, only 2 text files (accounts and aliases) for all configuration – yay!
- github.com/lava/dockermail, much less active/polished, not really interesting
- github.com/frankh/docker-compose-mailbox adds roundcube and vimbadmin containers; uses SQL; not sure why it has only 10 stars on github…
- github.com/adaline/dockermail – looks ok, less active and seems simpler than docker-mailserver
- poste.io : has free (downloadable) and 2 paid versions; packed with many features and containerized; there is no Dockerfile, but of course you can examine what’s inside the public image anyway; actually, looks good – not sure how posteio-specific the data directory structure is, though… still something to try
- mailgun.com – SMTP service with a more than sufficient free quota for a few low-traffic websites; can be coupled with some forwarding service to avoid any need in an email server; but not this time, I want a mail-server
- yunohost.org : I’m not entirely sure why this is here, maybe it does have email support built-in? ok, yes it does – this is a debian-based “home-server” software, which also includes LDAP and SSO and XMPP and DNS and nginx. Hmm, not bad. I wonder how well it works out of the box.
- kolab.org : groupware; looks interesting as well, but I have no group (yet) to have a use for a full groupware solution
- not reviewed: mailcow.email, mailcow.email/dockerized, github.com/andryyy/mailcow
Finally, one can build an own LXC container, either by following this ArsTechnica series,
or after examining the install scripts of MIAB or Sovereign.
Then automate all of this, keep it well-maintained – and there you have it, one more mail-server solution!
- MIAB looks very good – feature-rich, easy to install, and just works – you should try it!
- docker-mailserver looks great – I should try it!
- poste.io, yunohost.org and kolab.org are also some interesting solutions to try, along with Sovereign
Not much of a summary, but this is definitely an accurate reflection of reality.