Is MIAB the right option for me?

rwillett · May 14, 2018, 4:39pm

Hi,

I came across MIAB as I was looking to replace our old Postfix server. It’s approximately 15 years old (could be even older), it’s been virtualised, moved onto numerous ESXI servers all around the country and has been pretty well bomb proof. It runs our family e-mail and has been hacked, updated, modified, changed and generally bears little resemblance to what it started life out as.

The problem is that its old, doh, the OS is years out of support, there are no patches any more and whilst it does still run on an ESXI 5.5 server, its probably time for us to move upwards and onwards.

We don’t want to try and migrate the server config as its so old (did I mention that), so we are looking around for a replacement and we’ll migrate the data and some of the ‘concepts’.

I’ve been reading through the forum as I think support forums tell an awful lot about a product, free or otherwise. It tells me that MIAB is actively supported and that the level of support is pretty informative. I also checked out some topics that are of interest to see what the answer might be.

So far I’ve installed MIAB on a Ubuntu 14.04 LTS virtual image on my Macbook. I thought I’d kick it around the block and see what it can do. I’ve not sent any emails or configured it as a MX server, but was interested in the admin pages and the functionality on them.

What I want any new mail server to do is:

Handle multiple email domains, e.g. domain1 dot com, domain2 dot com. I think MIAB does this but its a little confusing as some of the forum answers weren’t clear, yet the documentation seems pretty clear it can.
Handle somehow, no idea how, the hundreds of email address I have setup for my own use to handle things like mail list registration, e.g. if I want to subscribe to this email list, I’d use rwillett.miab@example.com. Clearly example.com is NOT the right domain, but I don’t want email scrapers to get another address. On my current Postfix installation, I have rules setup in /etc/postfix/virtual that map certain rules to a single email address, my own, this means I can subscribe to a mailing list with a unique address and then block that unique address if the mail gets harvested. I have high dozens of email address that simple goto /dev/null as the email address has been compromised. Adobe I’m looking at you!

This means I currently use regexp rules, the use of the ‘.’ as recipient_delimiter (mmm, already read the forum posts on changing from ‘+’ to ‘-’ or ‘.’), and blocking by recipient mail address blocking. I don’t think MIAB handles any of these BUT it might be possible to handle this through other means that MIAB may support. The problem is that the whole family uses this approach, and we have subscriptions going back 10 or more years. Whilst we can go forward with new ideas, I can’t simply throw away what we have done before

Multiple SSL certificates for each hosted domain. I know that LetsEncrypt can handle multi domains though the -d options as we’ve already tested that.
IMAP support, Dovecot is fine.

Sp the big issue for me is how to handle the old (and useful) email addresses. I can setup a catchall for each domain (I think) so the user can work it out, but I can’t see any way to block old addresses.

Any suggestions welcomed.

Rob

murgero · May 14, 2018, 8:40pm

MIAB uses “+” as a delimiter for “recipient_delimiter” in postfix.

Otherwise it looks like it should handle everything you need it to.

Yes, MIAB handles multiple domains at a time. as many as you need / want.

MIAB does handle all certs for you so you don’t need to touch them (unless the website you host is not hosted in MIAB). only 1 ssl cert is needed per domain if miab is doing all hosting for it (DNS, Mail, and Web Hosting)

IMAP support is in MIAB as well as ActiveSync.

Another solution is mailcow, iRedMail, Zentyal, etc. (Since I used to use mail-in-a-box, I have since moved to Mailcow, both MIAB and mailcow work VERY well.)

rwillett · May 14, 2018, 8:57pm

Thanks, I’ve fired up a new installation on a public server rather than VMWare session on a laptop.

Literally just finished the install and am looking at the DNS warning messages as I got this email.

We use an external DNS provider, so am trying to understand the nameserver linkages and failing miserably. We’ll work it out.

The ‘+’ delimiter is the wrong one for us, we’ll see if we can convert MIAB to use ‘.’ instead. We’ve no issues with a small script that changes things over between upgrades.

We’re not going to use web hosting as thats handled elsewhere, we want the mail stuff

We have a sacrificial server now. We’ll play with it and see how far we get.

Thanks for the help.

Rob

murgero · May 14, 2018, 9:34pm

Who is your DNS provider?

rwillett · May 15, 2018, 5:26am

Hi @murgero

My DNS provider is easydns,com. Used them for years and years.

rwillett · May 15, 2018, 5:43am

We have found a problem with what we want to do.

As previously described, we use unique and throwaway email addresses for subscriptions to things.

e.g. we could use the following e-mail addresses to subscribe to a mailing list and a web site

rwillett DOT maillist1 AT example DOT com
rwillett DOT website2 AT example DOT com

These email addresses use a regexp in /etc/postfix/virtual to forward to a single e-mail address, rwillett AT example DOT com.

If a mailing list address gets harvested e.g. I receive spam to rwillett.maillist1 AT example DOT com, I then edit /etc/postfix/virtual and specify that

rwillett DOT maillist1 AT example DOT com is sent to /dev/null.

This is easy to do, and I never see any mail to rwillett DOT maillist1 AT example DOT com.

Now we have worked out how to handle old style ‘dot’ notation email addresses, we’ll simply go through the last 15 years of emails and pull them out and manually add them as aliases to MIAB. Thats what Perl is for We then use the ‘+’ as the recipient_delimiter which is the MIAB default. We’re trying to get to the default for everything.

However I can’t see a way in the web interface to block addresses TO a recipient on MIAB. e.g. no way to block rwillett+mailinglist2 AT example DOT com.

We had a look in /etc/postfix/main.cf and the other files and can see that it picks data out of a SQLite DB using SQL which is fine, we know SQLite and SQL so we may have a look in there just to see how it works.

But since MIAB seems well thought out, we are making an assumption that other methods, such as SpamAssasin, Posstgrey or SpamSieve are good enough to stop spam and our older school method of manually blocking specific recipient emails is no longer needed.

Sorry for all the questions, but I can’t afford to get this wrong

Rob

murgero · May 15, 2018, 1:53pm

Since those email tags are used by the user, they themselves would have to know not to use it or something. You could add a global rule (in postfix manually) to deny to the address.

rwillett · May 15, 2018, 2:10pm

I think we have to bite the bullet and come up with a different solution.

My feeling is that we forward everything to the user and allow MIAB to use SpamAssasin and Postgrey to filter things out.

We’ve can try that, see how it goes and then if it dfoesn’t work, we move back to the old server and try a different strategy,

Rob

alento · May 15, 2018, 2:44pm

I know that if I were faced with a similar situation, I would simply add the specific email alias alento.maillist1 AT example DOT com when subscribing to maillist 1 and would simply remove the alias when/if the address gets harvested. Doing so, the emails sent to alento.maillist1 AT example DOT com would simply bounce.

I suspect that you are looking for a totally automated system and have other users which you would not want to give admin permissions to.

However, maybe you have the ability to write a script that would use the API to add and remove aliases?

rwillett · May 15, 2018, 3:46pm

@alento

Thanks for the suggestion.

I wasn’t actually looking for an automated solution, but now you mention it, we could look at that

The problem with adding in email addresses as aliases is that we need to be proactive, e.g. as I create a unique email address, I have to then add it to the system for it to be allowed. My old system used regexp rules to allow certain well formed email addresses and then we blocked specific ones. Postfix checked for blocking before it checked the regexp pattern.

The problem is that there doesn’t appear to be any way to block e-mails based on recipient, apart from forwarding problematic email addresses to an email address that is ignored (which is an option).

The working assumption for MIAB appears to be that the underlying spam detection of Postgray and SpamAssassin is adequate, which it might well be.

Rob

alento · May 15, 2018, 3:52pm

In my deleted post I was thinking out loud about the Roundcube filters. I am not real clear on how everything works together so I do not know if adding Roundcube filtering rules would be beneficial or not. If so, you could block the problematic email addresses there.

rwillett · May 15, 2018, 4:10pm

Never even looked at RoundCube as its not something we need. I’ll have a look.

Thanks

system · May 22, 2018, 4:10pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.