0

EMAIL SERVER SETUP

Hey, its my first time using serverfault but I hope the community can help. I am trying to build a secure email system using Linux, Postfix, Dovecot and MySQL. I have read on perot.me that you can encrypt incoming mail so I thought I can use it with a mail server. Below I have described the setup I am planning on using. It would be good to get some feedback on the system and should it be deployed to the public?

The location of my servers will either be in Iceland or Switzerland.

In my setup I have 3 servers: mail1, mail2 and webmail1

DNS:- MX: 10:mail1.domain.com 10:mail2.domain.com TXT: v=spf1 ip4:127.0.0.1 a mx ~all

mail1: This is the mail server which sends and receives emails. When emails are received it automatically encrypts the email contents (if not already encrypted) using the clients public PGP key that is stored and synced between mail1 and mail2. The mail is then passed to the webmail1 server if the server is online and the hard drive is decrypted, if the server is offline, mail1 will hold the email until the server comes back online. This server does not have full disk encryption as this is the actual mail server and needs good uptime, which means that if both mail1 and mail2 have full disk encryption and are down due to a restart at the colocation center, emails will need to wait until these servers are back online and have had their disks manually decrypted. (Security < Uptime)

mail2: This has the same functions as mail1 but is used to keep the bandwidth down (loadbalance) of mail1 when sending and receiving mail.

webmail1: Holds the PGP encrypted mail that is sent from mail1 and mail2. It has full disk encryption as it does not need have high uptime (Security > Uptime). This server is also a webmail server behind a reverse proxy so no clients or users can find out the IP address. For the webmail I am thinking of using localstorage of the browser to let users decrypt messages on the fly but this may require plugins as it is not safe to hold private keys on server.

The problem I am facing is how to transfer mail from two seperate mail servers (mail1 and mail2) into webmail1? Are there any known guides out there?

Simon Lawton
  • 1

1 Answers1

1

This should just be an MTA configuration issue. Configure a Postfix smarthost on both the mail1 and mail2 machines to send all mail for the relevant domains (or all mail if all they do is receive email) to webmail1.

The following describes a typical Postfix configuration to achieve this, either by adding a relayhost entry to main.cf (if you want all email to be blindly relayed on regardless of origin or destination), or by using postmap file if you need to do it per domain.

https://help.comodo.com/topic-157-1-288-4540-.html

jotap
  • 711
  • 3
  • 8