[gexcolo]

I run an E-mail server with over 250,000 users. I started by following some generic "dovecot+postfix+mysql" tutorial on howtoforge and I'm still using mostly the same setup over 4 years later.

>Then your email doesn't work and you could be missing out on important communications

Pretty much every E-mail server will retry sending your E-mail for a long time (like 2 days is default on postfix). Once your mail server comes back up all of your E-mail you missed during the downtime will come in slowly as messages are retried

>you're scrambling to figure out how the spammers managed to exploit your setup this time

Any tutorial should point you in the right direction restricting open relay on your mail server, just basically requiring authentication to send E-mail outside of your server.

>I started writing an SMTP protocol handler in Haskell

Do you have any link to your progress? Postfix's configuration definitely shows age, but all of the options do important things that you could actually want to change. It seems other MTAs either have just as complicated configuration (to do the same things), or have stunted functionality.

>being secure and resistant to attacks by default

I agree about sensible and more secure defaults in configuration. But the application security of postfix and dovecot are both pretty robust[0][1]. Considering they are 19 and 15 years old, both applications have seen several developer-lifetimes of effort.

>we need more guides like this for us poor souls who do go down this route

I agree, though mediocre howtoforge tutorials seem to have worked fine for this poor soul.

[0] https://www.cvedetails.com/product/14794/Postfix-Postfix.htm...

[1] https://www.cvedetails.com/vendor/6485/Dovecot.html

[andris9]

Would you be able to share some stats, like how much disk space these accounts take up and such?

For larger scale e-mail sending I built my own MTA (https://github.com/zone-eu/zone-mta), our main instance sends about 750k emails a day (mostly normal ISP traffic, maybe 25% marketing emails) and its most valuable feature is juggling with IP addresses and blacklist detection, so if some mailbox gets hacked, starts sending out spam and the IP ends up in Spamhaus et al then this IP is removed from the list for other users automatically. Has saved us a ton of time.

[gexcolo]

Sure, the mail storage currently takes up 1.01TB, using dovecot's mdbox. This mail store started in January 2016, after the service got raided twice by german authorities[0] (at request of u.s. gov), otherwise it would be larger.

I'm not going to run like per-user stats but I know historically there's been about 11kb per E-mail on average, so that's about 90 million mails stored. The MTA itself sends and receives a bit over 20 million E-mails annually, so the extra from that is probably from the mailing list I run on the same server (where each message only counts as 1 for statistical purposes)

How I prevent outgoing abuse is a black box, but I do it well enough that mail from my server almost never ends up in spam. But given that it's a free service I definitely don't have the budget to warm up and dynamically scatter mail across IP space to maximize deliverability. Cool technique, though!

[0] https://archive.is/etfDM

[0] https://archive.is/etfDM

[andris9]

Nice, thanks! Our average message size is about 200kB (and total of 30-40TB). No wonder though as anything from Mailchimp is 300kB nowadays.

[Crontab]

Hey man, off topic, but did you ever get your electronics back?

[andris9]

Oh, btw, the easiest way to test ZoneMTA would probably be to install the WildDuck mail server to some empty VPS. The install script, amongst other things, installs and configures ZoneMTA https://github.com/nodemailer/wildduck/tree/master/setup