Description
What do I deliver with this Offer?
I have been setting up fully secure, encrypted and private mail servers for the past 15 years. I focus on achieving the highest deliverability rate and the strongest security possible. For long-term mail server solutions, my operating system of choice is OpenBSD, which is widely regarded as the most secure server-based OS available.
OpenBSD has the fewest security vulnerabilities of any operating system. With this setup, your mail server is guaranteed to run securely and flawlessly for many years!
You will receive the following (latest stable versions):
=> Installation of OpenBSD OS on your VPS/Dedicated Server
=> Postfix (Mail Transfer Agent) setup
=> Dovecot (IMAP/POP3 server) configuration
=> Rspamd (anti-spam/anti-phishing)
=> ClamAV (antivirus/malware protection)
=> DMARC & SPF & DKIM & rDNS and fc-rDNS (forward-confirmed reverse DNS) Pass
=> Highest grade on: Email Security Grader (emailsecuritygrader.com)
=> Highest grade on: Mail-Tester (10/10 points) (mail-tester.com)
=> Highest grade on: Qualys SSL Labs (A+)
=> Roundcube: A very secure webmail interface with OTP / TOTP
=> SOGo: A very secure webmail interface with OTP / TOTP
=> Webmail interfaces running on HTTPS – Valid, verified SSL certificate for your domains – periodically renewed!
=> Mail server management web interface;
a) Add or remove multiple domains and mail accounts, implement domain-level and user-level quotas, and create domain admins (each domain admin will have the ability to manage only their own domain accounts)
b) A Super Admin account that allows you to manage all domains hosted by your mail server (create, delete, or modify mailboxes, etc.)
=> Your mail server will have up-to-date safest & the most secure TLS ciphers (TLS 1.2, TLS 1.3 enabled) for a secure communication
=> Your mail server will have a strong firewall software (PF), periodically fetching the current database set of IP addresses (around 10K bad IPs) associated with hacking attempts&malicious activities, from AbuseIPDB (abuseipdb.com), then block them from all services
=> Smart Auto-Learning System;
When you move spam emails to the Junk/Spam folder your server will *learn* it as spam, preventing any upcoming similar emails in the future. And vice-versa; any email mistakenly marked as and moved into ‘Spam’ by the server, you move it back to Inbox and the server will automatically *learn* it as a good sender from then on
Further technical features:
– PGP/Public Key Cryptography enabled within the webmail, providing very secure email encryption and digital signing functionalities.
– Connection limit implemented to safeguard your server from denial-of-service attacks
– Reverse-DNS enabled to block fake senders
– Extra DNSBL servers activated to combat incoming email abuse (spam/phishing)
– SURBL enabled to verify message content
– SPF enabled to prevent fraudulent sources
– DKIM enabled to add a domain identifier to the email that is unique and separate from any other identifiers
– DMARC enabled to confirm that the email came from an approved sender, and the header information has not been changed
– The PF firewall is enabled, and multiple IP blacklists are assigned to block spammers; the blacklists are updated periodically
– Encrypted POP3 and IMAP (POP3S via port 995 – IMAPS via port 993) are enabled and enforced to secure and encrypt user logins
– End users are forced to use mail services through secure connections (POP3/IMAP/SMTP over TLS, webmail with HTTPS)
– ClamAV, an open-source antivirus engine activated to detect and prevent malware, viruses, and other malicious threats from reaching users’ inboxes
– Many high-quality third-party virus signature databases are integrated into ClamAV and they are updated periodically
– Rspamd implemented – a high-performance spam filtering system used in mail servers to detect and filter out spam, phishing attempts, and other malicious content in email messages
– The Mail Server administration web panel can be limited to specific IP addresses, completely isolating it from the public Internet
– You can easily implement your own blacklists based on domain names, email addresses, or IP addresses to prevent them from reaching your mail server
– All data is stored on your own server
– Forget about the products which pricing based on number of mailboxes, you can create as many mail accounts (domains, users, admins) as you want
– 1-year free maintenance; OS and package patch/kernel upgrades & always available to help in case of any urgent technical incidents
What do I need from the Buyer to get started?
1: A VPS/Cloud/Dedicated server (I will setup whole the server. Providers I highly suggest: Hetzner, Vultr, Contabo and OVH)
2: Server management panel (in order to set the rDNS and fc-rDNS records on its public IP address)
3: Domain management panel access (in order to set the DMARC, DKIM, SPF, MX records for the main domain of the server)
Omer Ingeborg (ptufoundation.org – Arizona/U.S.) (verified owner) –
This freelancer is clearly an expert on mailservers. He has been very patient and very responsive. He wants to get things done *right*, which is very important for security-sensitive applications like mailservers. I appreciate that he was available at every step until things were setup the way it was imagined, even if not every detail was spelled out in my project description. Thanks.