So, you have been told setting up a corporate mail system is easy.

Here are the requirements and objectives:

  1. Reliability.
  2. Cost effective.
  3. Reputation.
  4. Multiple endpoints on multiple platforms.
  5. Internal Virus checking with white lists, black lists etc.
  6. Central management of mail services.
  7. And much more.

The first network topology will be simple. Install a mail server and open port 25 to the internet, add an MX record to a DNS and accept mail.

Go and have a cold beer.

*Spoiler: this is not the case.

The reality is far more complex and there are many options that can be selected but this blog series will cover the following:

  1. Find a suitable SMTP relay such as Brevo or, if very brave, Amazon SES. This is for outgoing email, as most dynamic IP addresses will be blacklisted on most DNS blacklist (DNSBL) sites.
  2. Deal with incoming mail via a relay system to hold mail for contingency reasons in case the downstream servers are unavailable. This is very difficult.
  3. Use Proxmox Mail Gateway as a wrapper for Sendmail / Postfix as the DMZ or first SMTP hop in the private network.
  4. Send mail securely to ScrollOutF1 as a second tier SMTP Gateway relay.
  5. Accept and send SMTP mail securely from HCL Domino 12 and 14 using TLS.
  6. Send mail from internal sites such as WordPress sites via authorized internal relays.
  7. Accept email from a number of domains and direct appropriately.
  8. Make sure IPV6 is used or at least considered / configured where possible.
  9. Track mail at every point of the cycle and keep good logs.
  10. Pull logs from all endpoints into Elasticsearch for Kibana dashboards.
  11. Create a sophisticated dashboard of mail services and delivery and failures.
  12. Simplify the sophisticated dashboards using our Neural Micro Services.

This is not a simple task. It requires deep skills in multiple platforms and systems, and a single misconfiguration or failure will cause mail routing issues. Mail is always classed as a low priority in a corporate network until it does not route.

The days of simple SMTP mail are long gone due to the amount of persistent spam, spammers and misconfigured mail systems on the internet. The first step is to look at the ISP you are using. If you are paying for a private IP address you are one step closer, but remember your IP address can be listed on any of the DNSBL sites in a moment if there is a misconfiguration. Removing an IP address is not automatic and can take many days of frustrating effort. For this writeup we will assume a private IP address that will change when the primary local router is restarted or when the ISP recycles its IP addresses, most probably very early on a Monday morning, when this change is least welcome.
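The DNSBL listing risk just described is straightforward to check from your own side before a misconfiguration gets you listed. The block below is an added example, not code from the original post: it builds the reversed-address query name a DNSBL expects (IPv4 octets and, going beyond the text, IPv6 nibbles), interprets the 127.0.0.x answer, and takes an injectable resolver so it runs offline here against constructed answers. The zone name `dnsbl.example.invalid` and the return-code table are assumptions, not a specific provider's values.

```python
import ipaddress
import socket
from typing import Callable, Optional

# Assumed zone name: substitute the DNSBL provider you actually query.
DNSBL_ZONE = "dnsbl.example.invalid"
# Constructed return-code table; real providers publish their own meanings
# for 127.0.0.x answers, so check their documentation before relying on it.
RETURN_CODES = {
    "127.0.0.2": "listed: spam source",
    "127.0.0.4": "listed: compromised host / open proxy",
    "127.0.0.10": "listed: policy block, dynamic or end-user range",
}

def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    # Build the reversed-address name a DNSBL expects (IPv4 octets or IPv6 nibbles).
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))           # 192.0.2.10 -> 10.2.0.192
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # one nibble per label
    return ".".join(labels) + "." + zone

def system_resolver(name: str) -> Optional[str]:
    # Live lookup: an A record means listed, NXDOMAIN means not listed.
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_dnsbl(ip: str, zone: str = DNSBL_ZONE,
                resolve: Callable[[str], Optional[str]] = system_resolver) -> dict:
    name = dnsbl_query_name(ip, zone)
    answer = resolve(name)
    if answer is None:
        return {"ip": ip, "query": name, "listed": False, "reason": "not listed"}
    ans = ipaddress.ip_address(answer)
    # Only 127.0.0.0/8 answers are listings; 127.255.255.0/24 is used by some
    # providers to signal a refused query (for example via an open resolver).
    if ans not in ipaddress.ip_network("127.0.0.0/8") or ans in ipaddress.ip_network("127.255.255.0/24"):
        return {"ip": ip, "query": name, "listed": False, "reason": f"query error, answer {answer}"}
    return {"ip": ip, "query": name, "listed": True, "reason": RETURN_CODES.get(answer, f"code {answer}")}

# Constructed offline answers so the demo runs without network access.
CONSTRUCTED_ANSWERS = {"10.2.0.192.dnsbl.example.invalid": "127.0.0.10"}

def constructed_resolver(name: str) -> Optional[str]:
    return CONSTRUCTED_ANSWERS.get(name)
```

Call `check_dnsbl("<your public IP>")` with the default resolver to query a real zone; the constructed resolver exists only so the example can be exercised without network access.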

The primary issue with mail flow is cost and complexity. While you can use a hosting site such as Namecheap to host your domain and subscribe to a hosting plan such as Stellar Hosting, you will soon find out that there are severe limitations, such as no more than 50 emails per hour unless you upgrade, and, far more important to understand, that the hosting is per domain. So with multiple domains you have multiple setups and costs. Not only does it add up, but the complexity is off the scale. In most cases the receiving SMTP server does not act like an SMTP relay but more like a mail web client unless you buy the extra services, per domain of course. Amazon SES is even worse: if you use Amazon SES as a receiver you need to set up rules and use Lambda or S3 buckets, which is off the scale complex as well. So the best solution is to host two Proxmox Mail Gateways on two different ISPs. Also complex.

Step 1. OpenWRT as the edge router.

Step 2. DNS entries and hosting configurations.

Step 3. Setting up Proxmox Mail Gateway.

Step 4. Setting up ScrolloutF1.

Step 5. Setting up HCL Domino 12 and 14 for domain mail routing.

Step 6. HCL Domino SMTP mail routing.

Step 7. Brevo Setup.

Step 8. Amazon SES setup for outgoing mail.

Step 9. Mail configurations, SASL, TLS, DKIM, DMARC, SPF and more.

Step 10. SMTP routing to the Internet.

Step 11. Receiving SMTP mail from the Internet.

Step 12. Mail monitoring.

This guide may help you in setting up the mail environment and will be updated when appropriate. We hope it shows you how complex mail routing can be and how quickly this can go wrong.

There are more complications to deal with when upgrading platforms, moving from one platform to another, moving from one ISP to another or simply moving from one region to another.

Speaking as a Migration Consultant, the above is exacerbated by the size of the organization, and getting mail to route is imperative, so we hope this guide helps. Please do let us know.
