Plugin: mail server

[DVitoD]

G'day :D

As I detailed when I joined this forum and set up my FreeNAS test box, I have (rather large) Synologies, and I am looking to migrate away from that and am therefor testing FreeNAS to see if it is in the same leaque as my beloved pfSense box(es - CARP).

Not, because I 'hate Synology', because I do not: I've become friends with developers and support people over there, and they really are great people. It is just that upgrading in the Synology world will become too expensive, and it is still EXT4, not ZFS.

Now, over the years, I've seen Synology evolve. Despite the great developers and support people, up on the ladder are some people that don't see it all too bright I think (:D): they're adding packages you shouldn't be putting on a NAS, especially not on the low-end and medium-end hardware systems they sell.

There are some packages however that are great. One of them is mail server: it is a full blown mail server with a back-end and a nice-front-end GUI to set it all up. I use this intensively internally (my internet mail goes via an external hoster) to email with my family and to have my servers and clients in my LAN email reports to me (no need to have all that go through the open NSA-internet and to waste external bandwith on that).

So I'd like to suggest a plugin that easily enables people to have a mail server on their NAS. Setting that up manually in a standard jail is quite some work, and I am sure the great developers over at IX can make this in a couple of hours ("been there, done that" attitude they will probably have about this subject :p).

I think it would help tremendously in winning more and more people for FreeNAS.

Btw: TPTB may extend this thought very easily: look at the packages that Synology (and QNAP) provide, and also look (especially) at the packages that SynoCommunity (.com, also one of the good causes I donate to) provides; it is easy to find ideas for TOP-plugins by looking at what other bright minds have come up with :D

Thank you,

Bye,

 

[dlavigne]

Please create a feature request at bugs.freenas.org and post the issue number here. If you have a particular mail server and front-end in mind, double-check that a FreeBSD port for it exists at freshports.org.

 

[DVitoD]

Please create a feature request at bugs.freenas.org and post the issue number here. If you have a particular mail server and front-end in mind, double-check that a FreeBSD port for it exists at freshports.org.

Thank you Dru :)

I don't have a particular mail server and front-end in mind, as I am rather new to this. I will enquire wat supposedly is 'the premium stuff', and check freshports. Do I update that in this thread or in the Feature Request?

Issue #7287 created.

 

[danb35]

Keep in mind that FreeNAS is a NAS--a Network Attached Storage device. The plugins currently available, as best I can recall, all tie back to that somehow, in that they assist in acquiring, managing, and/or serving large amounts of data. IMO, the farther removed you get from that function, the less appropriate the software in question becomes for running on a NAS.

There's also the security issue. FreeNAS isn't designed to be exposed to the Internet, but if you're going to run a mail server (or web server, or Joomla! installation, to mention a few other Synology packages I've seen), the system has to be exposed. That means it's much more important to keep things up-to-date, securely configured, etc.

 

[dlavigne]

Do I update that in this thread or in the Feature Request?

In the feature request.

 

[DVitoD]

Thanks Dan :D

Keep in mind that FreeNAS is a NAS--a Network Attached Storage device. The plugins currently available, as best I can recall, all tie back to that somehow, in that they assist in acquiring, managing, and/or serving large amounts of data. IMO, the farther removed you get from that function, the less appropriate the software in question becomes for running on a NAS.

Of course it always depends on the specific situation, but if you want to run a small home mail server, given all the performant hardware everybody is using, a mail server wouldn't mean much for the FreeNAS. Of course, if you are sending out 1 million spam emails a day things might be different :p

There's also the security issue. FreeNAS isn't designed to be exposed to the Internet, but if you're going to run a mail server (or web server, or Joomla! installation, to mention a few other Synology packages I've seen), the system has to be exposed. That means it's much more important to keep things up-to-date, securely configured, etc.

You have a valid point. Trying to mitigate that:

1. The jail is isolated. Of course, if there is a vulnerability in the core FreeBSD system then that might be a problem (I am missing a built in firewall, btw. I saw all the discussions about it on this forum, but I always learned that every system needs to be secured, not just relying the perimeter security appliance).
2. For my use it will only be an internal mail server; my external emails go via my external hosted domain/mail server, since they have fall back and I don't).

 

[cyberjock]

I just have to say that I hope to God that nobody that actually wants to run a mail server does this. Why?

1. If you know enough about how to secure a jail to make it safe to make available to the internet, no guide is needed.
2. I ran a copy of my gmail account from a jail for testing, and the options are mind boggling. There's literally 100s of combinations of how to make your own mail server, and choosing the one "for you" is not easy, in the slightest. Imagine someone asking you what the best linux flavor is. There's about 1000 to choose from and there's a few dozen that are "common" and none of them really set themselves apart from the other.

So no, I think this is a bad idea because of the security implications. I think it's something that would be nearly impossible to implement because, when implemented, someone would have to maintain it. If you can't build it, you certainly can't maintain it.

 

[DVitoD]

I just have to say that I hope to God that nobody that actually wants to run a mail server does this. Why?

1. If you know enough about how to secure a jail to make it safe to make available to the internet, no guide is needed.

I wasn't asking for a guide, I was suggesting a package/plugin/pbi :D

Synology/QNAP sell because of their packages, not because of their hardware. I bought Synologies because, amongst other packages, the mail station. Not because it is a fancy looking 8 bay system in which I could put HDD's. It is software, not hardware or an OS, that sells: it is what you can do with it, how it will make your life more pleasant (hi Apple, bye MS :p).

2. I ran a copy of my gmail account from a jail for testing, and the options are mind boggling. There's literally 100s of combinations of how to make your own mail server, and choosing the one "for you" is not easy, in the slightest. Imagine someone asking you what the best linux flavor is. There's about 1000 to choose from and there's a few dozen that are "common" and none of them really set themselves apart from the other.

I'm afraid I've lost you after the first line (bold text).

So no, I think this is a bad idea because of the security implications. I think it's something that would be nearly impossible to implement because, when implemented, someone would have to maintain it. If you can't build it, you certainly can't maintain it.

1. First bold: I tried to mitigate the security implications;
2. Second bold: every plugin needs to be maintained.
3. Third: I can build: I do stuff on pfSense. The point was: I don't want to build; I want it as a valuable plugin that will survive patches and upgrades because it is in the scope of the FreeNAS devs :)

 

[danb35]

First bold: I tried to mitigate the security implications;

Yes, but if it's available as a plugin, it needs to be more broadly applicable than for your narrow, internal-only use case. The fact that it's running in a jail will help wrt security (you aren't exposing the rest of your FreeNAS server to the Internet), but email remains a huge attack vector.

Third: I can build: I do stuff on pfSense. The point was: I don't want to build; I want it as a valuable plugin that will survive patches and upgrades because it is in the scope of the FreeNAS devs :)

The FreeNAS devs don't maintain the current plugins, as I understand it--they simply make them available. IMO (not that my opinion on the subject really matters), this is and should remain out of scope for a NAS. A relatively-turnkey way to implement something similar would be to look for a VirtualBox appliance of something relevant, like perhaps SoGo (see http://www.sogo.nu/downloads/zeg.html) or Horde (https://bitnami.com/stack/horde/virtual-machine). Security updates would then be handled within the guest OS, and FreeNAS should be pretty well insulated from any problems.

 

[DVitoD]

Yes, but if it's available as a plugin, it needs to be more broadly applicable than for your narrow, internal-only use case. The fact that it's running in a jail will help wrt security (you aren't exposing the rest of your FreeNAS server to the Internet), but email remains a huge attack vector.

The FreeNAS devs don't maintain the current plugins, as I understand it--they simply make them available. IMO (not that my opinion on the subject really matters), this is and should remain out of scope for a NAS. A relatively-turnkey way to implement something similar would be to look for a VirtualBox appliance of something relevant, like perhaps SoGo (see http://www.sogo.nu/downloads/zeg.html) or Horde (https://bitnami.com/stack/horde/virtual-machine). Security updates would then be handled within the guest OS, and FreeNAS should be pretty well insulated from any problems.

Thanks for your reply, Dan :D

1. In pfSense, 3th parties develop plugins. But the pfSense company devs need to approve them before ending up in the system, and they carefully review the packages. I now learn this may not be the case for FreeNAS(?)
2. How are your suggestions for the alternative packages any different from jails, security wise? The virtual box could have bugs too, and both fall under the responsibility of the FreeNAS devs(?)

 

[cyberjock]

I wasn't asking for a guide, I was suggesting a package/plugin/pbi :D

That's even worse, because you have ZERO clue how the software is installed, set up, etc. I did mean to say PBI when I said guide, but the problem isn't mitigated.

I'm afraid I've lost you after the first line (bold text).

I had a jail that had a mail server that simply downloaded the mail from my gmail account. it was a local copy and nothing else. A mail server requires 3 parts, MBA, mail server, and outgoing mail service. On retrieves mail, one stores the mail, and one sends outgoing emails as necessary. Each of those 3 programs have literally dozens of options, each with advantages and disadvantages.

I found out personally, after choosing something that was commonly used and well documented, that it would NOT function for my intended use-case (which is why I gave it up).

1. First bold: I tried to mitigate the security implications;
2. Second bold: every plugin needs to be maintained.
3. Third: I can build: I do stuff on pfSense. The point was: I don't want to build; I want it as a valuable plugin that will survive patches and upgrades because it is in the scope of the FreeNAS devs :)

If you were actually fully capable of doing #1, you'd be able to create the mail server yourself. So I would argue that you don't have the necessary experience/knowledge to do #1 effectively.

As you are new here... take a look at the plugin history for things like Plex. They are NOT maintained. You can tell yourself that every plugin "needs to be maintained" but that is NO guarantee that it will be. Some plugins are quite old. Just search for "out of date plugin" and you'll probably find 100 threads from the last 6 months of people complaining. Remember, most PBIs are community supported. They were created by the community and are maintained by the community. Often the maintainer doesn't care to update it (or chooses not to for some reason) and YOU, the end user, are left with having to maintain it. Well, if you couldn't create the jail yourself there's no way you have the knowledge/experience to update it. iXsystems' responsibility with the plugin is to basically add it to the appcafe so that everyone else can use it. That's it.

But, the FreeNAS devs DON'T maintain the majority of plugins. I believe iXsystems is responsible for 4 or 5 plugins. All the rest are community supported. Expecting the FreeNAS devs to maintain a plugin won't get you far. They've pretty much done all the plugins they want to do because they've learned very quickly that every time an update comes out, even if its several times a week, there *will* be a ticket within hours of an update being released that demands an update. They do NOT want to devote a full-time employee to maintaining plugins. ;)

So you need to ask yourself these questions:

1. Who is going to make the plugin? The community would...
2. Is there a good history of updating the plugins? Hell no..
3. If you want something that will survive patches, upgrades, and security vulnerabilities, you better have the knowledge to do it yourself. If you don't you are asking for nothing but problems. ;)

 

[DVitoD]

That's even worse, because you have ZERO clue how the software is installed, set up, etc. I did mean to say PBI when I said guide, but the problem isn't mitigated.



I had a jail that had a mail server that simply downloaded the mail from my gmail account. it was a local copy and nothing else. A mail server requires 3 parts, MBA, mail server, and outgoing mail service. On retrieves mail, one stores the mail, and one sends outgoing emails as necessary. Each of those 3 programs have literally dozens of options, each with advantages and disadvantages.

I found out personally, after choosing something that was commonly used and well documented, that it would NOT function for my intended use-case (which is why I gave it up).





If you were actually fully capable of doing #1, you'd be able to create the mail server yourself. So I would argue that you don't have the necessary experience/knowledge to do #1 effectively.

As you are new here... take a look at the plugin history for things like Plex. They are NOT maintained. You can tell yourself that every plugin "needs to be maintained" but that is NO guarantee that it will be. Some plugins are quite old. Just search for "out of date plugin" and you'll probably find 100 threads from the last 6 months of people complaining. Remember, most PBIs are community supported. They were created by the community and are maintained by the community. Often the maintainer doesn't care to update it (or chooses not to for some reason) and YOU, the end user, are left with having to maintain it. Well, if you couldn't create the jail yourself there's no way you have the knowledge/experience to update it. iXsystems' responsibility with the plugin is to basically add it to the appcafe so that everyone else can use it. That's it.

But, the FreeNAS devs DON'T maintain the majority of plugins. I believe iXsystems is responsible for 4 or 5 plugins. All the rest are community supported. Expecting the FreeNAS devs to maintain a plugin won't get you far. They've pretty much done all the plugins they want to do because they've learned very quickly that every time an update comes out, even if its several times a week, there *will* be a ticket within hours of an update being released that demands an update. They do NOT want to devote a full-time employee to maintaining plugins. ;)

So you need to ask yourself these questions:

1. Who is going to make the plugin? The community would...
2. Is there a good history of updating the plugins? Hell no..
3. If you want something that will survive patches, upgrades, and security vulnerabilities, you better have the knowledge to do it yourself. If you don't you are asking for nothing but problems. ;)

You will understand that I will leave you with your remarks here.

I could remind you about FreeBSD spirits, but I won't.

I might very well know quite some stuff about the kernel you don't. As I wrote: I do dev things on pfSense.

You are only assuming my knowledge without knowing. I can build anything I want on FreeBSD: you missed my point completely.

I could advise you: drop the 'you are new here argument'. It's a fallacy to the extremus.





Let's leave it at this, I don't want to waste time on this.

 

[cyberjock]

I've got pfsense myself, and I've played with pfsense and FreeNAS to the extreme. I'm not saying that a PBI for *you* is a bad idea. I'm looking at the larger picture. I'd bet 99.999% of the users here would see a mail server and jump on it in a heartbeat thinking this is the new hotness.

The problem? 2 months from now we'll have dozens of people complaining because their mail server was hacked and coverted into a spam-machine. The server will be dog slow and everyone will be upset and say that FreeNAS sucks. So what part of this was good at all except adding another PBI?

I'm sorry, but I've talked to people that are kernel developers for FreeBSD and got their butts kicked with mail servers. I know, I had one help me and it took us many hours to get it all configured. You can be experienced with everything and if you don't know how to do the mail-server thing you can still end up on your butt. So my comments are not meant and shouldn't be taken as an attack on your knowledge. Besides, I don't pretend to assume the knowledge level of people because I'll always be wrong. Someone with a whole 62 posts on this forum hasn't said enough for me to judge. Ask me when you ahve 1000 posts under your belt and I'll think you have serious knowledge. Ask me when you're closing bug tickets with kernel updates and I'll think you have serious knowledge. Right now, you're just a question mark to me.

There's also far more to a project than just code. The community and its relationship to the developers and those societal differences are a BIG part of the picture. ;)

 

[jkh]

As I detailed when I joined this forum and set up my FreeNAS test box, I have (rather large) Synologies, and I am looking to migrate away from that and am therefor testing FreeNAS to see if it is in the same leaque as my beloved pfSense box(es - CARP).

Hmmmm. To be honest, I would have probably just skimmed this thread as "Yet Another Plugin Request" given that there are theoretically tens of thousands of those, one for basically every port in the FreeBSD ports collection, and the whole subject is a deep swamp into which one could easily wander and never be seen again. Then I saw @cyberjock bite you repeatedly over it, garnering the usual complaints about his behavior (he's only an ambassador for the Forum in the same sense that North Korea also has an ambassador to the UN - there are a lot of Forum "ambassadors" hanging out here, and @cyberjock can be easily identified as the one foaming at the mouth and ranting at the table while the others look away and try to pretend he's not actually there :p) so I felt compelled to at least explain the direction that FreeNAS is going with respect to plugins!

1. Plugins, in the current system, are hard to create and even harder to maintain. They are therefore only generally done for the very highest-value targets, like Plex, and even then they are highly fragile. Just look at the bug reporting system for things under the Plugin component if you want to see all of the awesome ways in which Plugins break and how few (maybe 2) people are capable of even fixing them when they do. The current plugin system is basically a disaster, and the sooner it's dead, the better. This induces a rather visceral response to the notion of adding any new plugins to 9.x!
2. Even in the new plugin system, which is currently being architected in PC-BSD 10.1 for inclusion in FreeNAS 10 such that it will be far easier to create platform-agnostic plugins (so easy that we also expect to have an open "plugin exchange" which allows the community to create and support its own plugins collection), people will still need to be careful about what they host on the NAS. Jails, as useful a concept for security partitioning as they are, still use the same kernel and can still bring the system down if they manage to tickle a kernel bug or find a way of essentially self-DoSing the box they're hosted on. That means that your NAS will only be as reliable as your most pathologically behaved plugin, and a NAS is supposed to be reliable above all else.
3. What this all means is that our desired method of "hosting plugins" in FreeNAS 10 will actually be the virtual machine, not the jail. You'll be able to boot a VM using bhyve and any of multiple installation installation images that we will also host (or provide your own) and that means that if you want to run a complete virtual appliance like Zimbra or a LAMP stack, that will be the way to do it. Even if the whole stack comes down in flames, you'll just lose the VM it's hosted in. If you need to host a VM using Linux (real linux, not just a faked-up Linux jail), that will work too.

In short, option #3 is the future of "plugins" in FreeNAS and anyone wishing to start creating such virtual appliances now can do so. They can even host them using the Virtualbox template currently available in FreeNAS, so no one has to wait for FreeNAS 10 to "do plugins properly" - just create a custom OS image and go to town. It's more powerful, it's more flexible, and it's far safer and saner. The only thing that will be missing from the picture today is the easy mounting of datasets into your VM, but that's still no big deal - just set up a share and mount your data into your VM using NFS or SMB. Since it won't be traversing a physical interface, it will still be faster than the alternative!

 

[D4nthr4x]

Most mail servers ran by individuals are easier to hack than Sony.

 

[marian78]

I do not cause further unnecessary debate, but what about example iRedMail ( http://www.iredmail.org/) ...

 

[jkh]

Closing this thread as it has become non-productive.