5. A mailserver
Setting up a mail server has two big problems:
It is difficult to maintain; especially the security patches are a PITA
Mail server set-up is complicated. Very complicated.
There are two solutions for that:
With fetchmail you do not need to expose your mail server to the Internet
With citadel setting up the mail server is easy
So, Citadel it is.
5.1. Install Citadel on a Pi
You will be wanting to keep quite a lot of mail on-line. The SD card is not the right place to do that. And, although you could use a USB stick, I would recommend spinning rust. You will need to put /var/lib/citadel on that disk. You could choose to put /var completely on the disk, which will further relieve your SD card from write actions.
I would not state that mail is the most important thing in life, but I would be pretty miffed if I lost my mail. So a backup is required for me.
Installing Citadel is an interactive process. You will be prompted with Package Configuration dialogs, that may change from version to version. I would have loved to install Citadel with Ansible, but I failed to do that consistently.
5.1.2. The installation
The default installation method for Citadel on a Pi is:
sudo -s apt-get update apt-get upgrade apt-get install citadel-suite
You will see a number of dialog screens:
Please specify the IP address which the server should be listening to. 0.0.0.0 is OK, because we're not exposing it to the Internet.
Authentication method to use: I use Internal, because I do not serve an LDAP or AD
Citadel administrator username: admin is fine; choose your own password.
Use internal for webcit, unless you plan to integrate it with Apache
HTTP port 80, HTTPS 442
User defined language
which is basically all the defaults. (If that was consistent I could install it via Ansible...)
Adding accounts is reasonably well documented, so just read the fine material that Citadel provides.
To get the mail in, I use fetchmail. This allows me to have different mail providers and get it all in one mailbox at home.
Installing is, as you'd expect:
sudo apt-get install fetchmail
Next, make for every user a .fetchmailrc in their home directory. The file should look like this:
poll pop.provider1.nl with proto POP3 user "username" , with password "secret" , is my_name here warnings 3600 user "second_user" , with password "hemlighet" , is my_name here warnings 3600 user "third_user" , with password "tajomstvo" , is my_name here warnings 3600 poll pop.provider2.nl with proto POP3 user "mailbox" , with password "geheim" , is my_name here warnings 3600
And you might put in the crontab for the user:
0,15,30,45 * * * * /usr/bin/fetchmail -v > /tmp/user.last_mail_fetch 2>/tmp/user.last_mail_errorto get mail every 15 minutes.
5.3. A backup server
Making a backup-server is basically the same as the primary server. The main difference is that you do not enable fetchmail yet.
Having a backup server is good, but you must transfer your mail to that server. Once again, it is time for some condiderations.
If your server crashes, how much mail would be acceptable to loose?
What kind of problems will you protect yourself against?
For me, the acceptable loss will be from the backup that night to the crash and the main problem is a disk crash on the primary server or a complete loss of that server. In case of file corruption that is propagated, a longer loss of mail would be acceptable.
This leads to the following strategy:
At night, when I'm asleep, bring down both Citadels (primary and backup)
Make a copy of /var/lib/citadel and /etc/citadel to a backup server
do an scp of those directories from the primary to the backup server
bring the Citadels back on-line.
Due to the speed of the Pis, size of the mails and the network performance in my home, this backup takes about an hour.
A problem where I ran into was that the backup server was of a newer version than the primary server. That meant that I had both a new and a legacy configuration on the backup server. Citadel did not know whether to use the legacy or the new and refused to start to avoid corruption. I removed the new configuration, did a new backup and everything worked.
As with every backup, you need to check from time to time that it went well. Because Citadel has a web-server, you do not need a mail client to do that check.