I’m putting together a list of email server features that you should look for. I’m thinking:
- Transport Layer Security support – this successor to SSL means that your connection will be encrypted. You want this so that your email and your login details aren’t being intercepted. Unless you trust everything between you and your mailserver completely, this is pretty much a minimum requirement.
- A good login method, probably either CRAM-MD5 or APOP – you want this so that you aren’t simply sending your password over the network. Your connection might be encrypted, but this is a belt-and-braces approach.
- IMAP rather than POP – Internet Message Access Protocol usually offers many more features than the antiquated Post Office Protocol. POP usually shoves all your email through your virtual letterbox, junk or not, and dumps it on your computer. IMAP is more like telling a postman which email to deliver where and when. You can create folders on the server (as well as on your local computer), you can delete junk mail before you download its bodies and it’s easier to access your email from multiple locations – like your desktop and your phone. QMUL has a longer comparison but nearly everyone would be better off with IMAP.
- Sieve configuration – Now I’m getting really optimistic. A Sieve file is an instruction file of standardised mail filtering rules. They’re a little harder to write, but should be much easier to move between Sieve-compatible mailservers.
So do you agree with those as desirable features, and would you add more?
Update: add “user-controllable spam-filtering on receipt” to the above, with a reasonable set of defaults (like: yes to scoring, no to blacklists) and at least the ability to switch it off if you don’t like it.
As you talk about server features in general, not just user-visible, a virtual user setup is really desirable, to avoid having UNIX accounts for mail users. Dovecot + Postfix makes a good team.
Also, transparent for the user too, Maildir makes a good performance and maintenance gain.
A good IMAP support with a correct set of extensions. 🙂
Like fast search on server-side, etc.
What about spam handling? I feel this is a most important feature of a mailserver, since without it I could’ve thrown away my mail address a long time ago.
What kind (DNSbl, greylisting, content filtering, sender address verification, domain key or whatever it is called nowadays…) is probably still a matter of taste.
@Jordi – what’s not user-visible of my list? OK, some of my list (login method, for example) are a little hard to spot, but I think they all are.
@Adrian von Bidder – good point, I’ll add that. I take it a bit for granted now. Although if you have sieve, you can do rudimentary content filtering, but greylisting and other receive-time measures are worthwhile.
I’m sure I was going to write another comment, but I forget what it was. I’ll post it later if it was important…
I’m actually finding sieve easier to use than procmail was now I’ve migrated to my new server which has a nice new setup of Exim (receiving and greylisting) and Dovecot (delivery, sieve and IMAP). Using Dovecot as the MDA to use sieve and provide faster indexing has proved a good choice so far (of course I now have to look at upgrading to the recently released v2 at some point!). Of course this is all getting into the solution rather than definition of requirements 🙂
Doesn’t CRAM-MD5/APOP require that the email server store your password in plain-text, thus increasing security in one place but decreasing it in another?
One thing I like about dovecot, when you’re using real Unix accounts, is that I can use ssh as my authentication method. Configure offlineimap to use ‘preauthtunnel = ssh -q servername /usr/lib/dovecot/imap’ and you’re golden.
@Marius Gedminas – you’re right about CRAM-MD5. Good catch. Was I thinking of DIGEST-MD5?
I think APOP does require a password in plain-text. Some servers I’ve used let you set a password specifically for APOP and different to other logins. Anyway, people probably shouldn’t be using POP for the other reasons mentioned.
I’ll second the nicety of having an email server you can SSH to and use preauth IMAP rather than storing a password.
Was going to add spam filtering but Adrian beat me to it.
On the other side, if you are sending a lot of email you need to be able to shape outgoing email so you don’t upset Hotmail and Yahoo, but especially hormail. So rate limiting features in and out, but hard to define what precisely is needed here unless you overstep the mark and discover you now need it. We deliver to hotmail and friends at no more than an email per second, one can probably be more aggressive but most of the time that rate is fast enough.
My preferred secure login method is Kerberos (typically abstracted via GSSAPI for remote services these days), but that may entail more infrastructure than you care to set up.
You didn’t mention whether you are looking for features for the use of an individual or corporation or whether they are for an ISP.
For an individual or company you can have one set of options for various things such as anti-spam, but for an ISP you want to be able to vary it on a per-user basis.
Per-user options for grey-listing, SpamAssassin options (score for SMTP reject, score for “spam” folder, and customisations such as white and black lists), DNSBLs, and other anti-spam measures would be good for an ISP.
SpamAssassin can take settings from a MySQL database with the recipient email address being the key. But things like DNSBL use on a per-user basis is not possible with all MTAs – of course SA can do DNSBLs too.
Then once you get such configuration you need an easy way for users to modify their own settings, almost always a web site to manage it.
I’m about to get SA going with MySQL on what started as my personal mail server but ended up virtual hosting a bunch of domains for many other people.
Thanks for all the brilliant comments.
@Russell Coker – I’m looking for an individual or corporation. ISPs can always set up their own servers if they wish.
@Simon – sorry to point it out but I love the “hormail” typo.
IMAP shared folders. Cyrus seems to be the only IMAP server that handles this really well. Plus, you can mirror NNTP groups into your IMAP folder hierarchy – really useful for those of us still reading Usenet.
@pixelpapst – what do you mean “handles this really well”? Dovecot seems to work with shared folders for our co-op, although you do need to tell it what permissions to apply to which shared folders. Not tried the NNTP-to-IMAP thing, but I sometimes think I should.
@MJ Ray:
when I last looked at dovecot, to get shared folders you had to symlink folders, there was no way to store per-user Seen state, and you had to tweak filesystem ACLs for limited possible access control.
Looking at it again, I see in http://wiki2.dovecot.org/SharedMailboxes/Public and http://wiki2.dovecot.org/SharedMailboxes/Shared that dovecot seems to have gained all the features I’d require from it, even IMAP style ACLs, although quite a bit of configuration still seems to be required. So I retract my above statement (at least until I have actual experience playing with an existing dovecot setup).
However, having gotten to know the power of the cyrus-is-a-black-box-do-everything-through-IMAP model over the last years, I’d still recommend that. But I appreciate other people having different use cases, and in some of them direct access to a Maildir store might add value.
Regarding Usenet over IMAP, definitely have a look at it. Gmane usage is not as intuitive as I’d like, but for real newsgroups it’s made my life quite a bit simpler. Mail me if you’d like an account to play with.