5. A mailserver

Setting up a mail server has two big problems:

  • It is difficult to maintain; especially the security patches are a PITA
  • Mail server set-up is complicated. Very complicated.

There are two solutions for that:

  • With fetchmail you do not need to expose your mail server to the Internet
  • With Citadel, setting up the mail server is easy

So, Citadel it is.

5.1. Install Citadel on a Pi

5.1.1. Considerations

You will want to keep quite a lot of mail on-line. The SD card is not the right place to do that. And, although you could use a USB stick, I would recommend spinning rust. You will need to put /var/lib/citadel on that disk. You could choose to put /var completely on the disk, which will further relieve your SD card of write actions.

I would not state that mail is the most important thing in life, but I would be pretty miffed if I lost my mail. So a backup is required for me.

Installing Citadel is an interactive process. You will be prompted with Package Configuration dialogs that may change from version to version. I would have loved to install Citadel with Ansible, but I failed to do that consistently.

5.1.2. The installation

The default installation method for Citadel on a Pi is:
sudo -s
apt-get update
apt-get upgrade
apt-get install citadel-suite

You will see a number of dialog screens:

  • Please specify the IP address which the server should be listening to. 0.0.0.0 is OK, because we're not exposing it to the Internet.
  • Authentication method to use: I use Internal, because I do not serve an LDAP or AD
  • Citadel administrator username: admin is fine; choose your own password.
  • Use internal for webcit, unless you plan to integrate it with Apache
  • HTTP port 80, HTTPS 442
  • User defined language

which is basically all the defaults. (If that was consistent I could install it via Ansible...)

5.1.3. Configuration

Adding accounts is reasonably well documented, so just read the fine material that Citadel provides.

5.2. Fetchmail

To get the mail in, I use fetchmail. This allows me to have different mail providers and get it all in one mailbox at home.

Installing is, as you'd expect:
sudo apt-get install fetchmail

Next, create a .fetchmailrc for every user in their home directory. The file should look like this:
poll pop.provider1.nl with proto POP3
    user "username"     , with password "secret"    , is my_name here warnings 3600
    user "second_user"  , with password "hemlighet" , is my_name here warnings 3600
    user "third_user"   , with password "tajomstvo" , is my_name here warnings 3600
poll pop.provider2.nl with proto POP3
    user "mailbox"      , with password "geheim"    , is my_name here warnings 3600

You can then add this line to the user's crontab:
0,15,30,45 *  *   *   *    /usr/bin/fetchmail -v > /tmp/user.last_mail_fetch 2>/tmp/user.last_mail_error
to get mail every 15 minutes.
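
The .fetchmailrc above stores every mailbox password in plain text, so the file should be accessible to its owner only and each poll entry should ask for an encrypted connection. The sh audit below is an added example, not part of the original page: the function names and the sample file are constructed for illustration, and ssl is fetchmail's own option for a TLS connection.

```shell
#!/bin/sh
# Added example (not from the original page): audit a per-user ~/.fetchmailrc.

# rc_mode_ok FILE: succeed only if group and others have no access at all.
rc_mode_ok() {
    [ -f "$1" ] || return 2
    case $(ls -ldL -- "$1") in
        ????------*) return 0 ;;   # type + owner bits, then six dashes
        *)           return 1 ;;
    esac
}

# polls_without_ssl FILE: print every polled host whose stanza has no ssl*
# option (ssl, sslproto, ...). A "defaults" stanza is not taken into account.
polls_without_ssl() {
    awk '
        function emit() { if (host != "" && !tls) print host }
        /^[ \t]*#/ { next }
        { first = 1 }
        $1 == "poll" { emit(); host = $2; tls = 0; first = 3 }
        { for (i = first; i <= NF; i++) if ($i ~ /^ssl/) tls = 1 }
        END { emit() }
    ' "$1"
}

# audit_fetchmailrc FILE: report findings on stderr, return 1 if there are any.
audit_fetchmailrc() {
    rc=$1
    findings=0
    if ! rc_mode_ok "$rc"; then
        echo "$rc: group/others have access; fix with: chmod 600 $rc" >&2
        findings=1
    fi
    for host in $(polls_without_ssl "$rc"); do
        echo "$rc: poll $host has no ssl option, password may travel in clear text" >&2
        findings=1
    done
    return "$findings"
}

# Constructed sample in the page's format: provider1 as above, provider2 with ssl.
write_sample_rc() {
    cat > "$1" <<'EOF'
poll pop.provider1.nl with proto POP3
    user "username" , with password "secret" , is my_name here warnings 3600
poll pop.provider2.nl with proto POP3
    user "mailbox" , with password "geheim" , is my_name here ssl warnings 3600
EOF
}
```

Run audit_fetchmailrc "$HOME/.fetchmailrc" for each user before enabling the cron job.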

5.3. A backup server

Setting up a backup server is basically the same as setting up the primary server. The main difference is that you do not enable fetchmail yet.

Having a backup server is good, but you must transfer your mail to that server. Once again, it is time for some considerations.

  • If your server crashes, how much mail would it be acceptable to lose?
  • What kind of problems will you protect yourself against?

For me, the acceptable loss will be from the backup that night to the crash and the main problem is a disk crash on the primary server or a complete loss of that server. In case of file corruption that is propagated, a longer loss of mail would be acceptable.

This leads to the following strategy:

  • At night, when I'm asleep, bring down both Citadels (primary and backup)
  • Make a copy of /var/lib/citadel and /etc/citadel to a backup server
  • Do an scp of those directories from the primary to the backup server
  • Bring the Citadels back on-line.

Due to the speed of the Pis, size of the mails and the network performance in my home, this backup takes about an hour.

A problem I ran into was that the backup server was of a newer version than the primary server. That meant that I had both a new and a legacy configuration on the backup server. Citadel did not know whether to use the legacy or the new and refused to start to avoid corruption. I removed the new configuration, did a new backup and everything worked.

As with every backup, you need to check from time to time that it went well. Because Citadel has a web-server, you do not need a mail client to do that check.