Is VirtualMin best for multiple email-only domains on server?

First post here. Great looking community!

CONTEXT: I’m brand new to *min, but an old hand online (I registered the 43rd domain in history… yeah, a Papa Pete with kids and grandkids ) For over 20 years, I’ve helped nurture good use of modern tech around the world, mostly in the “non profit” space (ie we get paid in joy far more than money )

Our existing email server is Postfix+++ running (crawling) on an old Mac Mini server. Some attributes:

• Many domains, few mailboxes
• SPF, DKIM, DMARC, Graylisting, sometimes even a custom log-based attack filter. Someday soon, ARC support – a growing requirement.
• NO webhosting here for ANY of the domains (we do have free hosting elsewhere, eg dreamhost gives free accounts to nonprofits )
• In fact, our primary domain is quite unusual, and is a useful honeypot for detecting spam:
  • we use the domain ONLY for infrastructure (including email server name)
  • we NEVER send email from that domain. Ever. (SPF record: v=spf1 -all ***

Based on what I’ve learned so far of WebMin/VirtualMin…

1. Before actually trying it, I was under the impression that VirtualMin is pretty much a necessity if multiple domains are involved.
2. But now I am learning Vmin… and perhaps this entire GUI Admin App???.. assumes a use case of “Web server - YES // Email server – maybe”, Ie it is pretty much presumed that web servers are a necessity???

THUS MY QUESTION: Is VirtualMin necessary? desirable? if I have zero need to host web content on these domains? Should I look seriously at using just WebMin?

Thanks!
Pete

*** We were being tagged as spammers, until we turned on SPF/DKIM/DMARC. Suddenly some overseas spammers discovered a light shining in their faces: the were sending zillions of emails a day in our name.

No. No GUI is ever necessary to manage a UNIX/Linux server. But, it can save time, reduce errors, improve security (by reducing configuration errors), make it easier to get running faster, automate tedious tasks, etc.

Maybe. Virtualmin does make handling virtual maps, spam/AV scanning, DKIM, and TLS, and such easier, in most cases. But, it’s not the only way to handle it.

It also has a pretty good stack of mail tools. Honestly, the mail stack represents a bigger portion of development time than maybe any other feature in Virtualmin.

But, you’re right that Virtualmin is built around the idea of “I want a website with everything”, meaning web server, database(s), mail, spam/AV filtering, web apps, users, quotas, DNS, backups, etc.

Without web, you lose some of the integrated mail related features. You can’t automatically get your Let’s Encrypt certs unless Virtualmin is managing either your web or DNS (LE can validate through either method, but Virtualmin must manage one of them to request LE certs…and web is preferable for a variety of reasons).

Webmin is not targeted at your use case, either. If you’re not hosting web or managing DNS on the server in question, you lose a lot of the benefits of Virtualmin, but using Webmin won’t make many things much easier.

Webmin does have a very good Postfix module…but users, SASL auth, etc. can be tricky to setup on your own. You won’t get the Virtualmin mail stack if you just install Webmin.

Basically, we really don’t make anything just for your use case. Either tool can be made to work, in the sense that you can build a working mail system managed by either Virtualmin or Webmin. You’ll do a lot more of the work yourself if you pick Webmin.

If I were picking for myself, I’d pick Virtualmin and disable or ignore the features I don’t need. And, I do have a few “split” deployments where Virtualmin is managing mail on one server and web/etc. on another…but it’s maybe not intuitive/obvious or well-supported in the GUI, but I like our mail stack and I know how it works, so I use it. You need to understand DNS pretty well to split up services like this and have it all work out.

There may be other open source tools that are better suited to your needs. I know there are OSS mail platforms, but I have no familiarity with them. I don’t know if they’re actively maintained, have active communities, good security history, etc. I know Virtualmin has all those things and will for years to come.

You can also use Usermin mail client, if you like it (and it’s gotten quite good with Ilia’s design work and Jamie’s improvements over recent years), either with Virtualmin or just Webmin. It may also not be what you’re after.

Honestly, I think you’re probably going to have to answer for yourself. You can install it for free, so all it costs is a few minutes or hours of your time to experiment with it, and see if it can be bent to your will.

Maybe somebody else can recommend some alternative that is actively maintained and targeted at just email. I tried to check up on Zimbra, which I used to hear about quite a bit, but I can’t find any evidence their open source project is seriously maintained anymore…everything is behind a “request a quote” form and their github repo has been mostly untouched for several years.

Postfix has it’s own GUI available and there are several of them. I’m not sure they do all that Virtualmin does but it’s worth a look if all you’re going to be doing is a mail server.

Korreio is one GUI for Postfix.
Postfix Admin is the one that’s actually from Postfix.

There isn’t an “official” Postfix GUI. Postfix Admin is a third party tool. (It may be great, I dunno, but it’s not from the maintainers of Postfix.)

But, as with Webmin (which also has a pretty complete Postfix GUI), Postfix is only a small part of a complete mail stack. You also need Dovecot (or some other IMAP server), something for SASL (Cyrus or Dovecot or others), spam and AV scanning, various other abuse prevention measures, DKIM, and so on. “Mail” is not one service, it’s a half dozen or so…so managing Postfix is a small piece of the puzzle.

I didn’t know that. Since they advertise it on their site (Postfix.org) I assumed it was from them.

Lots of things are listed on the Postfix Add-ons page, including Webmin.

http://www.postfix.org/addon.html

Thanks for the transparency
When I asked about “necessity” I was thinking of the *min context. Obviously anyone can do it manually: that’s what we’ve mostly done for decades. (MacOS Server supports a small number of GUI config elements for Postfix… but is mostly useless in that regard )

I’m not too worried about email clients (usermin).

(An aside, not worth getting sidetracked on… I’m a bit surprised about the statement: “you can’t automatically get your Let’s Encrypt certs unless Virtualmin is managing either your web or DNS.” My ACME plugin on pfSense manages cert automation just fine. connecting to one of the many DNS API’s (we use our Dreamhost account.) )

I think what would help me, as a reasonably experienced Postfix admin, is to gain understanding from an “import my config to *min” perspective.

QUESTION: Are there pointers to documentation, and/or knowledge, of how I can get the following objects/records into *min?

(I.e., can I simply (a) edit the postfix file; (b) enter via gui; (c) either one; (d) not really supported; (e) other?)

1a) virtual_domains (“virtual_alias_domains” in main.cf)
(we act as MX to receive, filter and process email for several domains. We also have multidomain aliases for team members, allowing us to send as xyz@various.domains.com There are not a lot of actual mailboxes here. Onsite, we don’t manage DNS, web, or anything else other than email.)

1b) Same set, configured into amavisd.conf – or other method for configuring outgoing DKIM encapsulation.

2. Incoming SMTP access filters:

   • helo_access
   • sender_access

3. incoming virtual user aliases (virtual_alias_maps in main.cf - we have multiple virtual_users map files/tables)

4. Large numbers of regular aliases? (we have a few thousand aliases. It enables us to provide forensic proof when a vendor’s email lists are compromised – with a custom alias per major online vendor, I know immediately when that specific alias starts being abused. )

5. postfix-level spam/abuse detection management?

   • header_checks (long list of basic header regexp)
   • “postscreen” dnsbl settings/config in main.cf
   • mynetworks config in main.cf (allows defined sources for incoming client SMTP)

BOTTOM LINE From my perspective, to the extent I can accomplish the above in some way, I’m going to be QUITE pleased!

THANK YOU!!!

I just use placeholders when I don’t need Web. Makes life easier. Most of them are blank pages with this picture:

And then there’s this one that I use for testing scripts and hosting honeypots:

That’s an especially ambitious one because it’s responsive and has OG tags.

Why spend more time doing other things that Virtualmin can do just because you don’t need Web? I say just stick any inoffensive nonsense on a white page and be done with it.

Richard

Sometimes we literally need to not host everything in one place.

All-in-one is wonderful, as long as that’s what you want. When one appliance insists on taking over every aspect of life… that may be far from a good, let alone helpful, solution.

We don’t insist on anything. It’s free and open source. Nobody is insisting.

Virtualmin is built for a subset of users…that subset of users wanted an easy-to-use all-in-one web hosting control panel, and that’s what we’ve built. It’s not for everyone, but it’s more flexible than most tools in this category by a wide margin.

FWIW, I use Virtualmin to host several email-only domains (along with a few that have both a website and email). I find it vastly easier than to use postfix “manually”, though I haven’t tried any postfix GUI tools.

I’m able to use a Let’s Encrypt cert for IMAP/STARTTLS because the canonical mail server domain (mail.myhostingcompany.com) has an otherwise-dead website just for handling the Let’s Encrypt web auth. So my cert is always valid, and my email users (and their various domains) either use mail.myhostingcompany.com or they use their own domains and “ignore cert” on their clients

But the long and short of it is that I find Virtualmin much easier to administer even just for an email-only domain than having to do all the configuration manually for postfix. Then I can use VIrtualmin backup tools and everything else for the domain too.

My $0.04 (inflation, you know)

You have not indicated explicitly if you will be using it ONLY for mail or you may consider hosting your DNS as well?
In my opinion Virtualmin will work great and very easy to manage for Email + DNS hosting, but of course it is up to you.

I have pretty nice DNS hosting elsewhere already. Willing to host if that makes sense. I’d rather begin by making as few changes as necessary. If it ain’t broke…

Thanks very much for the link.

Back from a month of travel

Thanks, creeble…

I think I saw somewhere a post on how to configure VirtualMin without pointing the actual Web (www) DNS to the virtualmin server. I love that – our web is hosted (at no charge – for ANY nonprofit BTW) by DreamHost with gobs more resources than I’ll ever accumulate on my own little servers here.

Now I can’t find that. Anybody got a pointer?

Thanks!

I don’t use VirtualMin for DNS much. And presumably you’d be using DreamHost for DNS too.

So all you need to do is point the MX record at your VIrtualmin host, and let the other hosts (www, naked domain A record, etc) point to DreamHost.

I do this on several domains that have web hosting elsewhere, and I just host their email.

Is Virtualmin best for multiple email-only…

It is probably best to test a demo of Virtualmin to see if it matches expectations. From my own experience I use Virtualmin to:

• Automate processes web or mail
• I don’t want to pretend I am a Linux guru and work via SSH
• I don’t want to check server every 10 minutes (I have a life)
• Ease of use and maintenance, backups
• All in one place, less or more features as needed can be enabled/disabled
• I dont want to manually mess around with config files

All in all Virtualmin helps me to live a better life. However, it won’t fix anything nor bring you coffee. Reality is that no ‘panels’ a necessity - it may enhance your experience which is different. Virtualmin and others are not perfect but great nevertheless.

You can just disable hosting and use email. Perhaps one day some of the domains will benefit from hosting, at least service is there to be enabled. From what you describe in terms of services you use - I would absolutely use Virtualmin. All the email options and services associated can be configured. If you are hardcore, can also manually do the configs.

Personally, I don’t like to have DNS somewhere else, backups here and files over there. I want it all in one place but then push backups out somewhere else or backup dns elsewhere. It will restore nicely too, which is high on my list of ‘must do’.

You use an old Mac mini, I don’t know if this is located on a home network or in a data centre. There are cheap VPS’s around, you could easily use that for the purpose you described and expand as needed. That should be cost effective even if you are on non profit terms.

I’m eliminating my old Mac mini’s … Heading toward something more robust and easily maintained… at this point most likely virtualmin on proxmox.

That is a good option. Perhaps you are using proxmox already, if not - just be aware of the network options and bridging network/IP’s. It does require some reading, trial and errors. Also depends on how the host is routing the network. Can be a pain but see it as a challenge, once setup - great tool.

I’m not only using proxmox, our network gateway is HA pfSense with live mirroring of all active connections. I can kill one pfSense and not lose any LAN connections.

It’s still not what I would call 100% stable (due to minor nigglies) but a thousand times better than what I had before. Two cheap old micro-desktop (SFF) PC’s replacing a heck of a lot of other hardware.