Thinking of a local mail storage with anti spam

TCB13, 9 months ago (edited 9 months ago)

Dovecot + Postfix + Rspamd can do it. Instead of pulling emails you can simply forward those providers to your homeserver account. You may also setup Postfix in a way that would allow you to use our @gmail @hotmail addresses as “from” addresses / aliases to your local account and it will automatically submit the email through the provider SMTP server when you send something.

---

If you really want to pull email instead of setting up forwards (have your server offline more time and whatnot) there are a few options:

• www.fetchmail.info - the classic tool for the job
• github.com/getmail6/getmail6 - another classic solution
• github.com/mback2k/go-getmail - probably what I would use today

---

To route the outgoing email through the right provider / external SMTP server based on the “from” address you may configured it like this:

main.cf:

<span style="color:#323232;">smtp_sasl_auth_enable = yes
</span><span style="color:#323232;">smtp_sender_dependent_authentication = yes
</span><span style="color:#323232;">smtp_sasl_password_maps = mysql:/etc/postfix/virtual/mysql-external-alias-credentials.cf
</span><span style="color:#323232;">sender_dependent_relayhost_maps = mysql:/etc/postfix/virtual/mysql-external-alias-relay-hosts.cf
</span><span style="color:#323232;">smtp_sasl_security_options = noanonymous
</span>

mysql-external-alias-credentials.cf:

<span style="color:#323232;">user = XXXXX
</span><span style="color:#323232;">password = XXXXXX
</span><span style="color:#323232;">hosts = 127.0.0.1
</span><span style="color:#323232;">dbname = mailserver
</span><span style="color:#323232;">query = SELECT concat(relay_user, ':', relay_passwd) AS credential FROM `Virtual_Alias_External` WHERE alias='%s' AND active = 1;
</span>

mysql-external-alias-relay-hosts.cf:

<span style="color:#323232;">user = XXXXX
</span><span style="color:#323232;">password = XXXXXX
</span><span style="color:#323232;">hosts = 127.0.0.1
</span><span style="color:#323232;">dbname = mailserver
</span><span style="color:#323232;">query = SELECT relay_host AS transport FROM `Virtual_Alias_External` WHERE alias='%s' AND active = 1;
</span>

MySQL table structure:

<span style="color:#323232;">CREATE TABLE `Virtual_Alias_External` (
</span><span style="color:#323232;">  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
</span><span style="color:#323232;">  `alias` varchar(70) NOT NULL,
</span><span style="color:#323232;">  `owner` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
</span><span style="color:#323232;">  `active` tinyint(1) NOT NULL DEFAULT 0,
</span><span style="color:#323232;">  `relay_host` varchar(70) NOT NULL DEFAULT '',
</span><span style="color:#323232;">  `relay_user` varchar(70) NOT NULL,
</span><span style="color:#323232;">  `relay_passwd` varchar(70) NOT NULL,
</span><span style="color:#323232;">  PRIMARY KEY (`id`) USING BTREE
</span><span style="color:#323232;">) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci ROW_FORMAT=COMPACT;
</span>

Create an entry like this:

<span style="color:#323232;">alias: [email protected]
</span><span style="color:#323232;">owner: [email protected]
</span><span style="color:#323232;">active: 1
</span><span style="color:#323232;">relay_host: [smtp.gmail.com]:587
</span><span style="color:#323232;">relay_user:  [email protected]
</span><span style="color:#323232;">relay_passwd: your-gmail-password-or-app-password
</span>

Now when you send and email and the from is set as [email protected] Postfix will route the email through Gmail’s SMTP server with credential stored on that table. If done correctly (smtpd_sasl_authenticated_header = no) no references to [email protected] will show up on the email headers.

Haui, 9 months ago

Wow! Thanks for elaborating! I‘ll look into this! Looks like a ton of useful advice.

TCB13, 9 months ago

Related: noted.lol/setup-gmail-smtp-sending-2023/

PuppyOSAndCoffee, 9 months ago

My advice - do not fall into the trap that you can run e-mail better than a provider who does that for a living.

The easiest way imo is to pick a provider who specializes in this sort of thing. Then begin to rotate your accounts from the old account to the new one, utilizing aliases or masks as needed and desired.

as you do so , archive old emails off your old account. Periodically check but remove it from your daily driver. At some point, all will be left is spam at which point you can … let that mail provider manage for you.

Many mail providers have excellent spam protection so you are right - get it at the source.

Depends how much your time is worth? For some it is easily worth the $1-$5/USD Month to let your mail provider handle the bulk of it.

gaael, 9 months ago

I might be wrong, but for me OP is not trying to actually run email, rather have a staging ground that pulls all emails from their accounts on actual providers, apply some treatment to said emails and pull them from client-side apps on their devices.

PuppyOSAndCoffee, 9 months ago

Yeah I get that, but the way that usually works is by running a mail host that relays to upstream accounts.

Such things are a stairway to heaven to malware & Trojan horses…nothing says “check me out” like a bot finding out smtp is open on a local domain behind a firewall. That moves the attack from auto crypto mal to “how can we control this dudes email”.

I get the intention just be very very careful.

LachlanUnchained, 9 months ago

Oh man. If I could find a way to stop the phishing emails, I would absolutely love it.

No idea why exchange consistently lets through emails asking to change exchange passwords? Surely they would be the easiest to seperate out