After being hassled one more time with hacked WordPress installations used to mass-send spam mails, I am thinking about using different servers for web and mail services. This is to avoid having the combined web/mail server blacklisted at CBL et al. Running Virtualmin, I think that can be done this way, as described earlier here: https://www.virtualmin.com/node/37931
I saw that the idea of decoupling mail services from web and others is nearly 10 years old. I asked this 8 years ago too. Time to move forward, I guess.
My proposal to achieve this - assuming two machines:
- First server (web): Web, DNS, Virtualmin, etc.
- Second server (mail): Postfix, Dovecot, Spamassassin, ClamAV.
- Sync user records using NIS from web to mail.
- Mount user directories from web using NFS at mail.
- Let syslog at mail send logs to web.
- Virtualmin on web needs NFS access to mail:/etc for configuring mail-related services. Easier: mount mail:/etc/{postfix,dovecot,spamassassin,clamav} by NFS at mail:/etc. This way Virtualmin can write configuration where it is used to writing it.
- Avoid starting Postfix et al. at web.
- Virtualmin's install script needs to allow installing everything, web stuff only, or mail stuff only.
As an alternative to the ideas above: much easier to implement is to have Postfix listen and/or send on a second IP address. Maybe that will just do the trick of decoupling. smtp_bind_address and/or inet_interfaces are appropriate Postfix configuration candidates.
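
An added example, not part of the original post: a small check that reads a main.cf and reports which IPv4 source address outbound SMTP is pinned to, following the postconf(5) note that a single non-loopback IPv4 address in inet_interfaces is reused as smtp_bind_address. The sample file and the addresses (192.0.2.10 for web, 192.0.2.25 for mail) are constructed; master.cf overrides and hostnames in inet_interfaces are not handled.

```python
import ipaddress

# Constructed sample main.cf. Addresses are RFC 5737 documentation IPs:
# 192.0.2.10 stands in for the web IP, 192.0.2.25 for the second (mail) IP.
SAMPLE_MAIN_CF = """\
# listen for mail only on the second address plus loopback
inet_interfaces = 192.0.2.25,
    127.0.0.1
smtp_bind_address = 192.0.2.25
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; '#' lines are comments, indented lines continue."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def outbound_ipv4_source(params):
    """Return the IPv4 source the smtp client is pinned to, or None if the kernel picks."""
    bind = params.get("smtp_bind_address", "")
    if bind:
        return bind
    # Without smtp_bind_address, Postfix reuses inet_interfaces only when it
    # lists exactly one IPv4 address and that address is not loopback.
    v4 = []
    for item in params.get("inet_interfaces", "all").replace(",", " ").split():
        try:
            addr = ipaddress.ip_address(item)
        except ValueError:
            return None  # "all", "loopback-only" or a hostname (not resolved here)
        if addr.version == 4:
            v4.append(addr)
    if len(v4) == 1 and not v4[0].is_loopback:
        return str(v4[0])
    return None

def mail_decoupled_from(web_ip, main_cf_text):
    """True when outbound SMTP is pinned to an address other than web_ip."""
    src = outbound_ipv4_source(parse_main_cf(main_cf_text))
    return src is not None and src != web_ip
```

With `inet_interfaces = 192.0.2.25, 127.0.0.1` and no smtp_bind_address, the function returns None: listing loopback next to the mail address means the source address is no longer pinned, so smtp_bind_address has to be set explicitly.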