Re: [Blind-sysadmins] Mail handling for personal domains (was Migrate from Office365 to Outlook.com)

+1 on this configuration, I’m postfix + dovecot with SSL support. I also run SoGo for exchange / active sync support. Can happily say I’m Microsoft free in my design.

On Oct 4, 2017, at 11:00 PM, Kelly Prescott wrote:

I use postfix for my MTA. I utilize the postscreen functionality to enforce some smtp protocol checking such that if a client does not behave per spec, I drop the connection. This catches the majority of spammers, as they don't take the time to properly impliment the smtp protocol. They do this so they can spew the most mail possible. I also use a few blocking sites in my postscreen setup. They are: b.barracudacentral.org, zen.spamhaus.org, psbl.surriel.com I also have the following smtp recipient restrictions: reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_client multi.surbl.org

This almost entirely kills my spam and SpamAssassin doesn't have much to do. I have used more aggressive rules, but that makes some mail that is valid get blocked. This is my current setup and it works well.

On Wed, 4 Oct 2017, paulo donizeti gardinalli filho wrote:

...

hi, kelly, can you provide more details about your setup? i am suffering with spam attacks. thanks in advance! best regards, paulo -----Mensagem original----- De: Kelly Prescott Enviada em: Quarta, 4 de Outubro de 2017 07:43 Para: Jason White via Blind-sysadmins Assunto: Re: [Blind-sysadmins] Mail handling for personal domains (was Migrate from Office365 to Outlook.com)

Jason, SpamAssassin is fine, but your real milage will be gained by tuning your initial mail excepting rules. Filtering is a reactive approach, what you want to do is to deny spammers the chance to ever deliver a message in the first place. This reduces load on the server, and frustration on your part. Many spam clients behave in certain ways which are easily detectable to postfix, for example. I use a set of pre-processing rules for mail connections, and I could turn off my SpamAssassin and only get 1 or 2 spam messages per day. When I turn off my pre-processing rules, I get several hundred per day. My email addresses are well known and I get lots of spam attempts. Also, you can tune how aggressive your rules are. I am fairly aggressive, but I have never blocked an important message. and I review my logs to test my blocking as I use it or versions of it in my production email systems that I deploy for clients. If you are interested in technical details of my setup, let me know.

-- Kelly Prescott

On Wed, 4 Oct 2017, Jason White via Blind-sysadmins wrote:

...

I'm presently running a mail server for my personal domain via a Linux installation hosted at linode.com. It works well, and the virtual machine is also offering various other services that I've configured (DNS, a small Web server, telephony via FreeSWITCH - not functional at the moment but likely to be reconfigured when I have time, etc.).

There is no calendar, though I would like one that is compatible with both iOS devices and Microsoft Outlook.

The main problem with the mail server is spam. I've tried SpamAssassin, rspamd and, the most successful of the options, crm114, which regrettably isn't currently maintained but still runs. The best that I've been able to achieve regrettably yields too many false positives.

Thus my options are either to rework the antispam solution or to consider having the mail hosted by a large mail provider. Google and Microsoft, for example, can host, but it appears that one has to be a business in order to host domains with them, under a business plan. Of course, I love command line administration and the flexibility to configure everything - I would rather not go to an entirely Web-based UI designed for nontechnical users that doesn't provide the desired degree of control. I'm not running a business of any kind - I'm an individual in ongoing, full-time employment.

Suggestions are welcome.

-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Ryan Shugart via Blind-sysadmins Sent: Monday, October 2, 2017 7:26 PM To: Blind sysadmins list Cc: Ryan Shugart Subject: Re: [Blind-sysadmins] Migrate from Office365 to Outlook.com

Hi: I looked at doing this myself a while ago for my personal domain, but in the end decided not to go there for now. Outlook.com is using Exchange on the back end, but you don't admin it like an Exchange account, AKA it didn't look like you had access to the EAC or Powershell CMDlets like you do with Exchange Online. I also couldn't figure out how to do some things like set up email aliases for users so multiple email addresses went to one account, set up group distribution lists, etc. So if you're looking for just basic email accounts and nothing more this may be OK, but if you want more advanced functionality, for now at least, you may want to stick to O365 with Exchange Online. I've always had the O365 business essencials package which doesn't have any Office downloads (accept for the Skype for Business client) and then used other options to get copies of Office. Ryan

-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Andrew Hodgson Sent: Monday, October 2, 2017 8:52 AM To: blind-sysadmins@lists.hodgsonfamily.org Subject: [Blind-sysadmins] Migrate from Office365 to Outlook.com

Hi,

For those of us who use Office365 as Exchange accounts for personal use, you may like to know that outlook.com is now powered by Exchange Online and has the same features as Office365.

You need to subscribe to Outlook Premium and pay a domain adding fee yearly to get this, but that gives you 5 email addresses. For those of us with 5 Office365 subscriptions that is quite a saving.

I haven't done the migration as I pay annually for my subscription, and still may continue with it at the moment. From what I have read there is downtime as you need to delete your domain from the Office365 control panel and then add it into Outlook to make sure everything migrates across, there is apparently a nasty situation if you cancel the account without doing this where your domain is in limbo for 90 days in the database. That gives you an outlook.com and a domain email, you can then invite 4 more outlook.com members to sign up for your domain, giving you 5 addresses in total.

If I don't do anything else I will be migrating to the Office365 personal next year instead of paying for the Office software as part of the subscription as it works out cheaper and gives you 1GB of OneDrive space per account which is actually quite useful as other apps use OneDrive personal and can't access OneDrive Business.

Just thought it would be interesting for people. Let me know if you do it, Andrew. _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.hodgs onfamily.org%2Flistinfo%2Fblind-sysadmins&data=02%7C01%7Cryshugar%40microsof t.com%7Ccf3c3c27bcf249b53a8008d509ad95ab%7C72f988bf86f141af91ab2d7cd011db47% 7C1%7C0%7C636425563536744144&sdata=2%2BXxLD3TzOIEq5ERe13UO3RnLMvdlEM8%2FcPq% 2BvqK4Ds%3D&reserved=0

_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins

_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins

_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins

_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins

_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins