So, here I am with a 512 MB Linode. Since I am a software engineer and not a sysadmin, I'd like to ask the forum members for an advice and general guidelines. I'd like to master email server administration, because I like to do sysadmin stuff as a personal hobby. With that in mind, I'd like to build a professional grade mail server that is based on Debian. I have a lot of experience with it and don't want to go with any other distribution.

I'd like to ask more experienced sysadmins that lurk on these forums - how do I approach all this? I'm thinking of running Postfix + Dovecot, I think that's a fairly good choice. I know about SPF and DKIM, so that should not be a problem.

I'd also like to install a StartCom free SSL certificate so that email clients recognize the server and not throw "untrusted connection" warnings.

I have done some email server administration in the past, but now I want to rebuild the Linode and start from scratch. I'd like to ask, is there anything else that I need to know/do in order to have a mail server that is reliable? I don't need SpamAssassin and antivirus stuff because RBL lists do just fine for me.

Also, I'd like to know how can I stay in the know about the changes in Postfix/Dovecot so that I can upgrade seamlessly between different versions of Debian? I know that, for example, Dovecot 1.x and 2.x are configured fairly differently, so basically I want to know how to proactively monitor these changes? Is it enough to just read the documentation frequently, or there is some other way of staying up to date with all relevant changes?

I hope I have been clear enough about my question(s).

Postfix + Dovecot on Squeeze is a good choice. Staying with the Debian current versions has always served us well. StartCom is as good as any for free certs. Go for it!

_________________
/ Peter

There are many differences between Dovecot versions 1 and 2, as you're aware. For my mailserver (Debian 6), I installed Dovecot 2.x from the backports repository. This should make the upgrade from Debian 6 to 7 easier.

I'd also recommend installing opendkim from backports. The older version in the Squeeze repository did funky things for me....

_________________
sleddog

Thank you for advices, I'll try the backports and see where it all goes. I am also open for additional suggestions, especially with staying up to date with software changes so I can upgrade more easily.

The nice thing about Debian Stable is that they only release security updates between releases, which means software is not going to change behavior on you[1]. And since Debian only releases once every two years, you don't need to constantly stay on top of changes. My advice is that when you're ready to upgrade to the next Debian release, check the documentation for all your important services to see what has changed. Also read the Debian Release Notes, which usually mention major changes to popular packages. In addition, the 'apt-get dist-upgrade' process usually alerts you to major changes, and sometimes even attempts to migrate configuration for you. In my experience, major changes usually aren't that big of a deal, and definitely not something to worry about except when upgrading every two years.

If you want to minimize surprises and downtime during upgrades, then I recommend you spin up a second Linode with the new version of Debian to test your configuration. Once it's perfected, you can either proceed with the upgrade on your original Linode or migrate the data to your new Linode, swap IP addresses, and destroy the old one. The latter approach is not for the faint of heart but is definitely "professional-grade" because it really minimizes downtime. Configuration management like Chef or Puppet helps a lot if you do that. In either case, since Linode refunds the rest of the month to your balance, running an extra 512 MB Linode for a day costs <$1.

Regarding the mail server, Postfix/Dovecot is an excellent choice, as is using DKIM. Be sure to enable opportunistic TLS in Postfix so Postfix uses encryption whenever possible when talking with other mail servers. Be aware that Debian Backports isn't technically supported by the Debian Security Team, so you might not get security updates in a timely fashion. Also, Backports *does* release non-security updates between releases which means behavior might change on you. For these reasons I don't use Backports on servers if I can avoid it.

[1] In the rare case that a security update requires a behavior change, details are published in /usr/share/doc/package/NEWS.Debian. If you have the apt-listchanges package installed, such details will be automatically emailed to root. But this is a very rare occurrence.

AGWA, thank you so much for your advice. It has helped me tremendously in planning the upgrade process. Now I fear upgrading a lot less than I used to.