Mail server install questions

[Steven Smith]

> So, I’m back to my (slow) migration of an existing macOS High Sierra + Server.app Apple-’supported’ mail server to one based on macOS Mojave + Server.app + macports. Server.app is running. DNS is running. Users are in OpenDirectory. Their backup home directories (synced with clients) are available. Now it’s time to migrate the mail server. That is (as on High Sierra): postfix + dovecot + spamassasin + clamav + greylisting. But while I’m at it I’d like to enable DMARC at least. I’m used to managing the configuration by editing files (such as main.cf and master.cf, whitelists, etc.) at the unix level.
Yes, that’s exactly the scenario the port mail-server was designed for. It provides configuration of MacPorts ports that performs integrated smtp+imap+av+DMARC+dkim+search and other stuff. Its configuration is based in part on the old macOS Server.app version 5.7 Mail server, but updates this with a lot of newer capabilities. Bottom line: rspamd in, spamassassin out. I’m using it right now and it performs much better than the old macOS Server.app Mail server. The one thing it’s missing is fine-grain, managed acl’s. You’ll need to evaluate the security model for your own situation yourself and make adjustments, and please provide feedback if you have any concerns.
> A user-friendly way to manage sieve filtering by end-users would be nice (I had roundcube once, have been editing the sieve file by hand since then on the server).
Dovecot-sieve with specific user space sieve directories is part of this configuration.
> I have a few questions that arose during preparation (mostly because I was unable to find documentation for the port): I was looking at available documentation. There is a mail-server ‘aggregate’, but it wants X11. Why? How do I find out what variants I need.
I don’t know which dependency wants X11. The port dependencies are all independent MacPorts ports, so defer to their design.
> Definitely pure, but for instance do I need a variant that can use the local Open Directory for authentication (postfix and dovecot) and if so, how do I find out?
The old macOS Server.app had a modified dovecot that provides OD authentication. It has some nice features like using UUIDs for user directories. This isn’t available now. But the code is open source if anyone wanted to patch it in. My expectation is that this would be a major project and unnecessary.
> Why does the dovecot port add users/group that already exist on macOS (_dovecot, _dovenull)?
You want to keep MacPorts-managed users/groups separate from OS-managed ones. Also, I’m not certain/doubt that those exist on a non-Server.app macOS. However, user postfix does, and you definitely don’t want to cross over into native postfix space.
> Why would I add lucene etc. if all searching and indexing happens on the client side (Mail.app, spotlight)?
Because solr searches from mobile devices are lightning fast and awesome. Night and day difference from the old macOS Server.app configuration.
> I looked at installs for postfix and I noticed in the last year it has been installed only once. Is that right? dovecot2 has 2. dovecot2 has no maintainer. I find wiki pages, but then they are often unfinished/incomplete. Makes me wonder: is there any volume in this community or will I be effectively be the only one?
No. That mainly a function of macOS Server.app providing a Mail server. It was completely unnecessary to use open source mail server tools on macOS so long as Server.app supported it. But it doesn’t anymore, so we’re have a mail-server port that provides a configuration for this capability. Also, those numbers are from mpstats users that volunteer usage statistics—that’s not all users.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20190907/639632dd/attachment.html>