# External Email



## Mike (Aug 6, 2013)

Hey Guys and Gals,

I'm looking for a service where I can host email externally rather than locally on my server.

What do you use?  Looking for incoming and outgoing, mainly used with WHMCS.

Thanks!


----------



## drmike (Aug 6, 2013)

Welcome to the email party. We are growing in numbers.

I use outsourced Cpanel hosts for now.

We really need a current howto for a reasonable email host-your-own solution.


----------



## perennate (Aug 7, 2013)

Can you explain why you don't want to host your email locally? Then can better find a solution that fits your needs.


----------



## HalfEatenPie (Aug 7, 2013)

This could be with several different services.  For out-going mail we use Mandrill but for in-coming you can use other cPanel hosts (like what buffalooed does) or you could do any of the following:

- If you don't mind the "big brother/big sister" thing then you can always use Outlook.com's free domain e-mail services (or purchase Google's services for it). 

- There's also something like Rackspace's e-mail services (never used it but I hear people dislike it)

- Get a server to host your e-mail services and configure it yourself

I wonder why E-mail is such a hot topic right now.


----------



## Mike (Aug 7, 2013)

I want to host email externally so I can turn off exim and relevant services to further optimize the server.


I already use Rage4 for DNS so named has been shut off.


----------



## perennate (Aug 7, 2013)

Ok, then buy a VPS and host email on it


----------



## Mike (Aug 7, 2013)

We're looking for premium services like GoogleApps, Zoho, Office365 etc.  Mainly trying to find out who or what is best to use.


----------



## drmike (Aug 7, 2013)

> A VPS will be fine for your needs.

--- given the OP knows how to do all his/her installs and perfect their DIY rolled mail solution. Most folks, even technically gifted have bailed on the mess and complication email hosting has become, and it isn't because of proliferation of free Gmail-like service either. It's blacklists, reverse DNS, new fangled "security" measures, 24/7 babysitting.


----------



## Mike (Aug 7, 2013)

Exactly, thanks @buffalooed.


----------



## Leyton (Aug 7, 2013)

We offer both reasonably priced hosted Exchange based in the UK. Fully PCI compliant and DDOS resistant. But, if you want a lower priced option, we're about to launch our budget hosted email service publically, but I'm sure we could push forward the release for a couple of early users.

Both are billed by account, and the most stable and secure option is clearly the Exchange hosting.

Feel free to drop me a PM or email if you're interested.

 - Leyton


----------



## drmike (Aug 7, 2013)

Leyton said:


> if you want a lower priced option, we're about to launch our budget hosted email service publically, but I'm sure we could push forward the release for a couple of early users.


Sure, the OP is interested, I am interested and likely others.  Tell us more.   The market here needs more options.  Advertising mode for this welcomed  Post away mate!


----------



## RyanD (Aug 8, 2013)

Rackspace's hosted exchange is very affordable.


----------



## Francisco (Aug 8, 2013)

RyanD said:


> Rackspace's hosted exchange is very affordable.


I think people are wanting 'non cloud' solutions now 

Francisco


----------



## Leyton (Aug 8, 2013)

buffalooed said:


> Sure, the OP is interested, I am interested and likely others.  Tell us more.   The market here needs more options.  Advertising mode for this welcomed  Post away mate!


Currently we offer a highly stable UK clustered hosted MS Exchange solution, with a 100% financially backed uptime guarantee. These start at £6.60/acc/mo for the 25GB option. For £2.00/mo extra, we will throw in a license of MS Office Outlook 2012. This also comes with a free migration service.

We plan to release a similar clustered system on more of a budget focus. Here you will be able to take advantage of the online control panel we use to manage MS Exchange, so you're in total control of your data. We have configured this system to run a 7 day per-account rolling backup, which you can download at any time. 

Our budget option is currently planned to be released in "bundle" form, with 10GB per account (upgradable).


5 accounts :: £6.50/mo
10 accounts :: £11.50/mo
20 accounts :: £19.00/mo
Clearly, I can quote on a per-requirement basis as well if you drop me a PM or email. Prices are inclusive of VAT.

 - Leyton


----------



## Nyr (Aug 8, 2013)

Leyton said:


> Currently we offer a highly stable UK clustered hosted MS Exchange solution, with a 100% financially backed uptime guarantee. These start at £6.60/acc/mo for the 25GB option. For £2.00/mo extra, we will throw in a license of MS Office Outlook 2012. This also comes with a free migration service.
> 
> We plan to release a similar clustered system on more of a budget focus. Here you will be able to take advantage of the online control panel we use to manage MS Exchange, so you're in total control of your data. We have configured this system to run a 7 day per-account rolling backup, which you can download at any time.
> 
> ...


Hm, that budget pricing is interesting.

Are individual budget accounts possible? Is IMAP available too? I would be really interested in that, but I don't need multiple accounts at the moment.


----------



## Leyton (Aug 8, 2013)

Nyr said:


> Hm, that budget pricing is interesting.
> 
> Are individual budget accounts possible? Is IMAP available too? I would be really interested in that, but I don't need multiple accounts at the moment.


Realistically to make the pricing "fit" at a rate where things like PayPal fee's don't eat into it to make it a loss-leader, we need to charge for multiple accounts monthly.

I could probably work something out on <5 accounts on an annual renewal to avoid the issue, if you're interested. Say, £12.50/yr/account @10GB.

All options have SMTP/IMAP/POP3/WebMail available, the MS Exchange also has the ActiveSync pushmail option.


----------



## Nyr (Aug 8, 2013)

Leyton said:


> Realistically to make the pricing "fit" at a rate where things like PayPal fee's don't eat into it to make it a loss-leader, we need to charge for multiple accounts monthly.
> 
> I could probably work something out on <5 accounts on an annual renewal to avoid the issue, if you're interested. Say, £12.50/yr/account @10GB.
> 
> All options have SMTP/IMAP/POP3/WebMail available, the MS Exchange also has the ActiveSync pushmail option.


I was really interested in this offer, but looks like your website is totally broken and your previous company didn't end very well...

That sucks, because I really want a reliable Exchange provider and the pricing was really interesting, but I need someone I can trust 100% for email.

Thank you for the good offer anyway


----------



## Leyton (Aug 8, 2013)

Nyr said:


> I was really interested in this offer, but looks like your website is totally broken and your previous company didn't end very well...
> 
> That sucks, because I really want a reliable Exchange provider and the pricing was really interesting, but I need someone I can trust 100% for email.
> 
> Thank you for the good offer anyway


Unless there is something I'm missing, I can see our website is working fine. It's in the process of an update anyway. But, I appreciate your feedback, and wish you luck in finding a provider for your email.

The only other note I forgot to add is that all solutions quoted above do come with a 30-day refund guarantee.

 - Leyton


----------



## Nyr (Aug 8, 2013)

Leyton said:


> Unless there is something I'm missing, I can see our website is working fine. Its in the process of an update anyway. But, I appreciate your feedback, and wish you luck in finding a provider for your email.
> 
> The only other note I forgot to add is that all solutions quoted above do come with a 30-day refund guarantee.
> 
> - Leyton


Links to the products are not working and there were some placeholders, didn't know you were redoing the site, it explains that.

I think that your hosted exchange packages are really competitive, I wish you the best luck too with this new venture


----------



## drmike (Aug 8, 2013)

@Leyton,   do you offer something else ---- non Microsoft Exchange based?


----------



## Leyton (Aug 8, 2013)

Yes, as aforementioned. Our budget solution is non exchange based.


----------



## Nyr (Aug 8, 2013)

Leyton said:


> Yes, as aforementioned. Our budget solution is non exchange based.


I misunderstood your message then.

I was thinking the budged solutions were exchange based too, that's why I was so surprised by the price.

Maybe that's what buffalooed was thinking too.


----------



## KS_Phillip (Aug 12, 2013)

We use Google Apps for Enterprise, in addition to SendGrid.


----------



## zomgmike (Aug 12, 2013)

KS_Phillip said:


> We use Google Apps for Enterprise, in addition to SendGrid.


Are you happy with SendGrid?  Was considering using that myself.


----------



## wlanboy (Aug 13, 2013)

perennate said:


> Can you explain why you don't want to host your email locally? Then can better find a solution that fits your needs.


  


perennate said:


> Ok, then buy a VPS and host email on it


  


Wark said:


> A VPS will be fine for your needs.


As long as you do not have to send a lot of Emails a self hosted postfix/dovecot on a small 128 MB vps will do the job fine.
And I agree that I would not run any other services on that vps. Email servers are still a valuable target.


Running an Email server is quite easy.


----------



## Nyr (Aug 13, 2013)

wlanboy said:


> As long as you do not have to send a lot of Emails a self hosted postfix/dovecot on a small 128 MB vps will do the job fine.
> 
> 
> And I agree that I would not run any other services on that vps. Email servers are still a valuable target.
> ...


Running an email server isn't hard.


Correctly running an email server requires big amounts of work.


And you can't run something like AMaViS on a low end VPS.


Also: availability, backups, blacklists, contacts synchronization with mobile devices, etc...


----------



## stim (Aug 13, 2013)

The idea of running my own mailserver terrifies me. Security first and foremost.  

I'd rather pay a subscription to an expert to host my mail securely. Still haven't found one, though I'm sure there will be a raft of new services soon. 

Also keeping my hopes up for Bitmessage, but it has a long way to go yet. On the bitmessage broadcasts here have been hints of another, more robust p2p-based mail system about to hit the net.


----------



## perennate (Aug 13, 2013)

amavisd-new runs just fine on any VPS. If your setup requires a lot of maintenance or a lot of resources then there's a problem with your setup.

Security - so stick to standard packages that upgrade with your package maintainer. A web server is much more vulnerable than a mail server; so does that terrify you too?

Edit: of course if privacy is a concern you shouldn't run it on VPS; but obviously then you even more shouldn't run on hosted "solution"


----------



## Nyr (Aug 13, 2013)

perennate said:


> amavisd-new runs just fine on any VPS. If your setup requires a lot of maintenance or a lot of resources then there's a problem with your setup.
> 
> Security - so stick to standard packages that upgrade with your package maintainer. A web server is much more vulnerable than a mail server; so does that terrify you too?
> 
> Edit: of course if privacy is a concern you shouldn't run it on VPS; but obviously then you even more shouldn't run on hosted "solution"


Even the creators of iRedMail recommend at least 1GB of available memory for their stack.

Also, a misconfigured mail server is not something you want to trust your email on. And an email stack is much more difficult to configure than a standard web server. That's a fact: you can get a web server + PHP and MySQL running in five minutes while Postfix + Dovecot + MySQL + Roundcube + Amavisd with spam and virus scanning + DKIM takes hours for an experienced administrator.


----------



## wlanboy (Aug 13, 2013)

Nyr said:


> Running an email server isn't hard.
> 
> 
> Correctly running an email server requires big amounts of work.
> ...


As I said.

But it is not consuming a lot of work if you stick to the right tools.

This tutorial is a start. You can easly add feature after feature to your own mail server.

If you need a web frontend or any mobile support you can stick to tools that are based on IMAP.

I did not say that you have to abandon any service you are using. But a lot of people just need an IMAP account. And that is a quite easy task.



stim said:


> The idea of running my own mailserver terrifies me. Security first and foremost.


As easy as a web server or a game server.



perennate said:


> amavisd-new runs just fine on any VPS. If your setup requires a lot of maintenance or a lot of resources then there's a problem with your setup.
> 
> Security - so stick to standard packages that upgrade with your package maintainer. A web server is much more vulnerable than a mail server; so does that terrify you too?
> 
> Edit: of course if privacy is a concern you shouldn't run it on VPS; but obviously then you even more shouldn't run on hosted "solution"


Did anyone said something against amavis? Did not read anything.

Or are you referring to my tutorial? If yes it was a statement on a 128 MB vps.


----------



## wlanboy (Aug 13, 2013)

Nyr said:


> And an email stack is much more difficult to configure than a standard web server. That's a fact: you can get a web server + PHP and MySQL running in five minutes while Postfix + Dovecot + MySQL + Roundcube + Amavisd with spam and virus scanning + DKIM takes hours for an experienced administrator.


It depends on what you want. E.g. you do not need to have a running MySQL server for the virtual mapping of mailboxes. If you stick on postfix + dovecot + spamassasin + some config files you can run this stack on a 128 MB vps.

Roundcube as any other IMAP client can run on another vps.


----------



## perennate (Aug 13, 2013)

wlanboy said:


> Did anyone said something against amavis? Did not read anything.





Nyr said:


> And you can't run something like AMaViS on a low end VPS.


----------



## perennate (Aug 13, 2013)

> takes hours for an experienced administrator


Takes an hour tops, all you have to do is copy and paste from a guide... I've set up mine and once for William or someone, doesn't take long at all.

Not sure why iRedMail is needed.



> As easy as a web server or a game server.


Probably also more secure than both, for different reasons.


----------



## Nyr (Aug 13, 2013)

perennate said:


> Takes an hour tops, all you have to do is copy and paste from a guide... I've set up mine and once for William or someone, doesn't take long at all.
> 
> Not sure why iRedMail is needed.


OMFG, I can set up a mail server in ten minutes if you want, that's not the point.

A *proper* setup takes hours and I had found really few guides written by someone who really knows all the stack used.

For example, the tutorial referenced by wlanboy has multiple fails that denote the lack of knoweldge of the author on some topics:


Setting "disable_plaintext_auth = yes" will ensure you have problems with some Microsoft software.
Uses system users for authentication, virtual users will do the same and it's better and more flexible.
Virtual mappings are the proper way to set up aliases, but he sets up a simple aliases file instead.
He doesn't explain that Postgrey will delay your reception of emails for even hours. It can even make you lose some email completely and isn't really useful to combat spam nowadays. 
He doesn't setup DKIM/SPF at all. In the year 2013, this isn't optional and you will have deliverability problems if that's missing.
I don't remember how SpamAssassin works alone, but I think that he is either discarding all the Spam or only marking it without filtering (the first option, I suppose). Why not placing it on a spam folder for each user?
IIRC, SpamAssassin checks a RBL or two by default but even if not with the Ubuntu configuration, he should probably set RBL checking at SpamAssassin and don't double checks like he is doing.

There are probably more misconfigurations, but those are the first who caught my eye. I don't really want to trash his work, but the tutorial was lacking.

If you really want to manually configure your own mail stack, this is the best guide I could find:

https://workaround.org/ispmail/squeeze

Please note that this is for Debian Squeeze and with Wheezy, some Dovecot configuration has changed.

If you decide that it isn't worth the effort, iRedMail is a *really* good way to do this work. I don't know why they use Apache instead of nginx or lighttpd, but the script does an enormous amount of work automatically and sets up a very decent mail stack.


----------



## KS_Phillip (Aug 13, 2013)

zomgmike said:


> Are you happy with SendGrid?  Was considering using that myself.


They're ok.  The http api goes wonky at times, and they've had some smtp outages recently though.  We ended up writing a feature-complete alternative that we use, but it's not for public consumption.


----------



## Nyr (Aug 13, 2013)

KS_Phillip said:


> They're ok. The http api goes wonky at times, and they've had some smtp outages recently though. We ended up writing a feature-complete alternative that we use, but it's not for public consumption.


Mandrill is a good alternative to SendGrid too. I use them and am happy with the service.


----------



## perennate (Aug 13, 2013)

> He doesn't setup DKIM/SPF at all. In the year 2013, this isn't optional and you will have deliverability problems if that's missing.


SPF is exclusively DNS, there's nothing to change on the mail server itself. DKIM is easy enough to set up.



> He doesn't explain that Postgrey will delay your reception of emails for even hours. It can even make you lose some email completely and isn't really useful to combat spam nowadays.


So, don't install postgrey, big deal? I don't get it. That saves time, one less thing to install.



> I don't remember how SpamAssassin works alone, but I think that he is either discarding all the Spam or only marking it without filtering (the first option, I suppose). Why not placing it on a spam folder for each user?


Well if you want a different method you can set up amavisd-new and configure it to do whatever you want. Personally I prefer marking ***Spam***.


----------



## wlanboy (Aug 14, 2013)

Nyr said:


> For example, the tutorial referenced by wlanboy has multiple fails that denote the lack of knoweldge of the author on some topics:
> 
> Setting "disable_plaintext_auth = yes" will ensure you have problems with some Microsoft software.
> Uses system users for authentication, virtual users will do the same and it's better and more flexible.
> ...


I knew that this would come if I start one of my lean turorials about this topic.

This tutorial is about running a bare minimum mail server for private usage. I run this setup for 1 1/2 years for two of my domains. No abuse, no spam, no problems at all.

If you want an enterprise setup take Zimbra, cPanel, etc.

This is not about "this is the best solution" - this is all about starting a discussion.

My tutorials refine by feedback. Best example is my tutorial about iptables. A lot of good feedback and therefore a good solution for the community.

Good feedback is all about working examples. Not that simple "määähh I would do that better". But all necessary steps to add a feature / to do it in another way.

To your points:


disable_plaintext_auth = yes ... yes this will crash Outlook Express on Windows 2000. Every mail client for Windows 7 and Windows 8 can handle this. But if you need that ... disable this option.
I mentioned virtual mappings. You can use it if you want. For me the management is easier for real users - like cronjobs for backups.
Yup it is simple to setup virtual_alias_domains and  virtual_alias_maps. But my tutorial is at the beginning. I stated that I will add topics in the next weeks. You have to start somewhere. And you cannot say that the setup will not work for one domain and 10 accounts.
Well ... time for some Myth Busters. Postgrey is not bad. And you will not loose Emails. It is delaying email delivery for 50 seconds.
After 1 1/2 year I can say that 90% of spam was blocked through Postgrey because not a single spammer was resending an email after it got rejected. Simple because the spammer does not see if it is rejected by spam detection of by greylisting. And I never got a call from anybody that his/her email did not arravied. Even AOL and mail.ru are handling postgrey in the right way.


And yes I am able to wait 50 seconds for an email!

SPF is a simple TXT entry.

@ IN	TXT	"v=spf1 mx -all"

This entry means only the MX servers for the domain are allowed to send email for this domain.


Well quite a huge impact on security and for trust ... well default policies say: "if this test fails - ignore the test".


And of course you can add other ips too. But this is only needed if some ip is sending emails but is not a mx server.

DKIM
Easy setup but one additional service listening. A simple DNS entry:


k=rsa; t=y; p=the_public_key;

Well a public openssl key to ensure that the mail server can be identified by a crypt hand shake to be a good email sender.


Like SPF its is all about mail forwarders.


I am not a MX server, I don't have any rDNS records, I send emails for thousand of domains - so I look like a spammer and I smell like a spammer but I am not a spammer because I am allowed to send emails for this domain.


Therefore you need DKIM.


But even services like Hotmail for domains (domains.live.com) do not need DKIM entries because they are generating unique subdomains (for MX) per mail services. And yes live mail is using SPF but only the simple "all MX servers are ok".

You can do this. But this is a phase two step. Not needed but a nice to have. Something I will write about later.
On my point of view my goal is to reject an email as soon as possible. And doing it right on the receiver side of postfix is the first (and therefore best place) to do it in the postfix chain.

So no deal breakers and not something everyone needs.

If you want to add some valuable feedback feel free to post on my mail server thread.


----------



## Nyr (Aug 14, 2013)

perennate said:


> Well if you want a different method you can set up amavisd-new and configure it to do whatever you want. Personally I prefer marking ***Spam***.


SPF and DKIM are very important parts to not be even mentioned. And yeah, they aren't hard to setup *if you know you should*.


perennate said:


> So, don't install postgrey, big deal? I don't get it. That saves time, one less thing to install.


Yeah, big deal because you shouldn't instruct people to setup something if they don't expect the consequences.


wlanboy said:


> Well ... time for some Myth Busters. Postgrey is not bad. And you will not loose Emails. It is delaying email delivery for 50 seconds.After 1 1/2 year I can say that 90% of spam was blocked through Postgrey because not a single spammer was resending an email after it got rejected. Simple because the spammer does not see if it is rejected by spam detection of by greylisting. And I never got a call from anybody that his/her email did not arravied. Even AOL and mail.ru are handling postgrey in the right way.
> 
> And yes I am able to wait 50 seconds for an email!


You clearly don't understand how Postgrey works. That 50 seconds is the time Postgrey will be dropping incoming email from a sender. The time you need to wait deppends on the sender's MTA configuration and can be several hours. If the MTA doesn't want to retry the delivery, you lost that email. And yeah, most modern MTAs try resending an email multiple times by default.


wlanboy said:


> If you want to add some valuable feedback feel free to post on my mail server thread.


As I said, mi intention wasn't to trash your work at all. You simplified a complex setup and it's fine. I will maybe do an automated script myself, but that is going to take me some time, so I am not sure when it will be finished. Anyway, thanks for trying to help people to evade the big brother, really


----------



## perennate (Aug 14, 2013)

> SPF and DKIM are very important parts to not be even mentioned. And yeah, they aren't hard to setup *if you know you should*.


Yes, I guess. But what I mean is, there doesn't need to be one single mail server tutorial. You can have instead a summary of what one should (or might want to) set up and then a link to each thing. Because guides to set up each of those already exist.



> Yeah, big deal because you shouldn't instruct people to setup something if they don't expect the consequences.


I thought the postgrey page was pretty clear about the consequences. Personally I don't see a reason to use it. Still, if you use email to communicate with people you know mostly, then it isn't a problem.

Also should add backup mail server to the guide. Some people may not want it, just like with postgrey the MTA will always retry later if the connection times out or is rejected or whatever, but backup is useful.


----------



## Nyr (Aug 14, 2013)

perennate said:


> Also should add backup mail server to the guide. Some people may not want it, just like with postgrey the MTA will always retry later if the connection times out or is rejected or whatever, but backup is useful.


Is relatively useful.

I mean, back in the old days, it was really needed, email wasn't as standardized as it is today and you could really miss some emails if your server was down. Today, if a server is down, the remote MTA will try to deliver the message for several days (4-5 days as per a RFC IIRC).

That means, running a backup server it's useful more than anything so you control when that mails are delivered when your primary MX returns.

The problem is: a misconfigured mail server can and will get abused by spammers. The rule of thumb this days seems to bethat if you can't run a backup server as secure as your primary MX, don't run one at all. This is important because many backup servers will accept emails for all addresses, existing or not on a domain, even all email for any domain at all. And if proper filtering isn't implemented, you end up with RBLs not working as they should when spam is forwarded to your main server, etc...

Not only this, due backup servers usually being less protected than the primary MX, spammers usually deliver to the lower priority servers directly, since they are more prone to acept and forward the spam, so this isn't only a problem when your first MX is down.

Just my two cents


----------



## wlanboy (Aug 15, 2013)

Nyr said:


> SPF and DKIM are very important parts to not be even mentioned. And yeah, they aren't hard to setup *if you know you should*.
> 
> 
> You clearly don't understand how Postgrey works. That 50 seconds is the time Postgrey will be dropping incoming email from a sender. The time you need to wait deppends on the sender's MTA configuration and can be several hours. If the MTA doesn't want to retry the delivery, you lost that email. And yeah, most modern MTAs try resending an email multiple times by default.
> ...


At least you did not start a holy war for the daemons. Like exim vs postfix vs sendmail. 

Why did I start this tutorial? Right because of discussions like this.

But please don't tell me I am not knowing how greylisting is working. We do have different opinions on this topic and I am accepting your point of view. But I did not say that you do not know what you are talking about - because this is not an argument.

This debate (about greylisting) is old and both of our arguments are old too and at least used by our parents generation too.

Looking to your posts it looks like you know the pros and cons too:



> PANIC! Everyone using your tutorial will loose all his emails!!!!


Changed to:



> If the MTA doesn't want to retry the delivery, you lost that email.
> 
> 
> And yeah, most modern MTAs try resending an email multiple times by default.


And yes all of my tutorials are about simplifying complex topics. I want to lower the barrier for everyone interested in running a service.

There are a lot of wikis that explain the full setup. And after someone is running ngix, openvpn or a mail server he/she will start to search for advanced topics too. They just have to be convinced that it is not magic but some config files.

Don't worry about my view on your intentions. I like to debate on pros and cons of every solution. I did not see your post as a bash - but don't think that "setting option A is bad" is enough to convince me 



Nyr said:


> That means, running a backup server it's useful more than anything so you control when that mails are delivered when your primary MX returns.
> 
> This is important because many backup servers will accept emails for all addresses, existing or not on a domain, even all email for any domain at all. And if proper filtering isn't implemented, you end up with RBLs not working as they should when spam is forwarded to your main server, etc...


Second that.

Backup MX servers are not needed any longer and are quite a risk if you do not setup them in the right way. E.g. they are not a trusted source for emails (my_networks).


----------

