Is VirtualMin best for multiple email-only domains on server?

First post here. Great looking community! :slight_smile:

CONTEXT: I’m brand new to *min, but an old hand online (I registered the 43rd domain in history… yeah, a Papa Pete with kids and grandkids :slight_smile: ) For over 20 years, I’ve helped nurture good use of modern tech around the world, mostly in the “non profit” space (ie we get paid in joy far more than money :wink: )

Our existing email server is Postfix+++ running (crawling) on an old Mac Mini server. Some attributes:

  • Many domains, few mailboxes
  • SPF, DKIM, DMARC, Graylisting, sometimes even a custom log-based attack filter. Someday soon, ARC support – a growing requirement.
  • NO webhosting here for ANY of the domains (we do have free hosting elsewhere, eg dreamhost gives free accounts to nonprofits :wink: )
  • In fact, our primary domain is quite unusual, and is a useful honeypot for detecting spam:
    • we use the domain ONLY for infrastructure (including email server name)
    • we NEVER send email from that domain. Ever. (SPF record: v=spf1 -all :slight_smile: ***

Based on what I’ve learned so far of WebMin/VirtualMin…

  1. Before actually trying it, I was under the impression that VirtualMin is pretty much a necessity if multiple domains are involved.
  2. But now I am learning Vmin… and perhaps this entire GUI Admin App???.. assumes a use case of “Web server - YES // Email server – maybe”, Ie it is pretty much presumed that web servers are a necessity???

THUS MY QUESTION: Is VirtualMin necessary? desirable? if I have zero need to host web content on these domains? Should I look seriously at using just WebMin?

Thanks!
Pete

*** We were being tagged as spammers, until we turned on SPF/DKIM/DMARC. Suddenly some overseas spammers discovered a light shining in their faces: the were sending zillions of emails a day in our name.

SYSTEM INFORMATION
ProxMox/Debian 10
Webmin 1.981
Virtualmin 6.16

No. No GUI is ever necessary to manage a UNIX/Linux server. But, it can save time, reduce errors, improve security (by reducing configuration errors), make it easier to get running faster, automate tedious tasks, etc.

Maybe. Virtualmin does make handling virtual maps, spam/AV scanning, DKIM, and TLS, and such easier, in most cases. But, it’s not the only way to handle it.

It also has a pretty good stack of mail tools. Honestly, the mail stack represents a bigger portion of development time than maybe any other feature in Virtualmin.

But, you’re right that Virtualmin is built around the idea of “I want a website with everything”, meaning web server, database(s), mail, spam/AV filtering, web apps, users, quotas, DNS, backups, etc.

Without web, you lose some of the integrated mail related features. You can’t automatically get your Let’s Encrypt certs unless Virtualmin is managing either your web or DNS (LE can validate through either method, but Virtualmin must manage one of them to request LE certs…and web is preferable for a variety of reasons).

Webmin is not targeted at your use case, either. If you’re not hosting web or managing DNS on the server in question, you lose a lot of the benefits of Virtualmin, but using Webmin won’t make many things much easier.

Webmin does have a very good Postfix module…but users, SASL auth, etc. can be tricky to setup on your own. You won’t get the Virtualmin mail stack if you just install Webmin.

Basically, we really don’t make anything just for your use case. Either tool can be made to work, in the sense that you can build a working mail system managed by either Virtualmin or Webmin. You’ll do a lot more of the work yourself if you pick Webmin.

If I were picking for myself, I’d pick Virtualmin and disable or ignore the features I don’t need. And, I do have a few “split” deployments where Virtualmin is managing mail on one server and web/etc. on another…but it’s maybe not intuitive/obvious or well-supported in the GUI, but I like our mail stack and I know how it works, so I use it. You need to understand DNS pretty well to split up services like this and have it all work out.

There may be other open source tools that are better suited to your needs. I know there are OSS mail platforms, but I have no familiarity with them. I don’t know if they’re actively maintained, have active communities, good security history, etc. I know Virtualmin has all those things and will for years to come.

You can also use Usermin mail client, if you like it (and it’s gotten quite good with Ilia’s design work and Jamie’s improvements over recent years), either with Virtualmin or just Webmin. It may also not be what you’re after.

Honestly, I think you’re probably going to have to answer for yourself. You can install it for free, so all it costs is a few minutes or hours of your time to experiment with it, and see if it can be bent to your will.

Maybe somebody else can recommend some alternative that is actively maintained and targeted at just email. I tried to check up on Zimbra, which I used to hear about quite a bit, but I can’t find any evidence their open source project is seriously maintained anymore…everything is behind a “request a quote” form and their github repo has been mostly untouched for several years.

3 Likes

Postfix has it’s own GUI available and there are several of them. I’m not sure they do all that Virtualmin does but it’s worth a look if all you’re going to be doing is a mail server.

Korreio is one GUI for Postfix.
Postfix Admin is the one that’s actually from Postfix.

There isn’t an “official” Postfix GUI. Postfix Admin is a third party tool. (It may be great, I dunno, but it’s not from the maintainers of Postfix.)

But, as with Webmin (which also has a pretty complete Postfix GUI), Postfix is only a small part of a complete mail stack. You also need Dovecot (or some other IMAP server), something for SASL (Cyrus or Dovecot or others), spam and AV scanning, various other abuse prevention measures, DKIM, and so on. “Mail” is not one service, it’s a half dozen or so…so managing Postfix is a small piece of the puzzle.

I didn’t know that. Since they advertise it on their site (Postfix.org) I assumed it was from them.

Lots of things are listed on the Postfix Add-ons page, including Webmin. :wink:

http://www.postfix.org/addon.html

1 Like

Thanks for the transparency :slight_smile:
When I asked about “necessity” I was thinking of the *min context. Obviously anyone can do it manually: that’s what we’ve mostly done for decades. (MacOS Server supports a small number of GUI config elements for Postfix… but is mostly useless in that regard :wink: )

I’m not too worried about email clients (usermin).

(An aside, not worth getting sidetracked on… I’m a bit surprised about the statement: “you can’t automatically get your Let’s Encrypt certs unless Virtualmin is managing either your web or DNS.” My ACME plugin on pfSense manages cert automation just fine. connecting to one of the many DNS API’s (we use our Dreamhost account.) )

I think what would help me, as a reasonably experienced Postfix admin, is to gain understanding from an “import my config to *min” perspective.

QUESTION: Are there pointers to documentation, and/or knowledge, of how I can get the following objects/records into *min?

(I.e., can I simply (a) edit the postfix file; (b) enter via gui; (c) either one; (d) not really supported; (e) other?)

1a) virtual_domains (“virtual_alias_domains” in main.cf)
(we act as MX to receive, filter and process email for several domains. We also have multidomain aliases for team members, allowing us to send as xyz@various.domains.com :slight_smile: There are not a lot of actual mailboxes here. Onsite, we don’t manage DNS, web, or anything else other than email.)

1b) Same set, configured into amavisd.conf – or other method for configuring outgoing DKIM encapsulation.

  1. Incoming SMTP access filters:

    • helo_access
    • sender_access
  2. incoming virtual user aliases (virtual_alias_maps in main.cf - we have multiple virtual_users map files/tables)

  3. Large numbers of regular aliases? (we have a few thousand aliases. It enables us to provide forensic proof when a vendor’s email lists are compromised – with a custom alias per major online vendor, I know immediately when that specific alias starts being abused. :wink: )

  4. postfix-level spam/abuse detection management?

    • header_checks (long list of basic header regexp)
    • “postscreen” dnsbl settings/config in main.cf
    • mynetworks config in main.cf (allows defined sources for incoming client SMTP)

BOTTOM LINE From my perspective, to the extent I can accomplish the above in some way, I’m going to be QUITE pleased!

THANK YOU!!!

I just use placeholders when I don’t need Web. Makes life easier. Most of them are blank pages with this picture:

boyd

And then there’s this one that I use for testing scripts and hosting honeypots:

That’s an especially ambitious one because it’s responsive and has OG tags.

Why spend more time doing other things that Virtualmin can do just because you don’t need Web? I say just stick any inoffensive nonsense on a white page and be done with it.

Richard

1 Like

Sometimes we literally need to not host everything in one place. :wink:

All-in-one is wonderful, as long as that’s what you want. When one appliance insists on taking over every aspect of life… that may be far from a good, let alone helpful, solution.

We don’t insist on anything. It’s free and open source. Nobody is insisting. :wink:

Virtualmin is built for a subset of users…that subset of users wanted an easy-to-use all-in-one web hosting control panel, and that’s what we’ve built. It’s not for everyone, but it’s more flexible than most tools in this category by a wide margin.

1 Like

FWIW, I use Virtualmin to host several email-only domains (along with a few that have both a website and email). I find it vastly easier than to use postfix “manually”, though I haven’t tried any postfix GUI tools.

I’m able to use a Let’s Encrypt cert for IMAP/STARTTLS because the canonical mail server domain (mail.myhostingcompany.com) has an otherwise-dead website just for handling the Let’s Encrypt web auth. So my cert is always valid, and my email users (and their various domains) either use mail.myhostingcompany.com or they use their own domains and “ignore cert” on their clients :slight_smile:

But the long and short of it is that I find Virtualmin much easier to administer even just for an email-only domain than having to do all the configuration manually for postfix. Then I can use VIrtualmin backup tools and everything else for the domain too.

My $0.04 (inflation, you know)

2 Likes