Making private mail server

Shandu91

Hello,

I am working in a multinational company that wants to make sensitive data protected as much as possible. In the past we used Dropbox and one server in one location, and accessed data through Dropbox. It worked perfectly until one laptop got stolen. Then we moved forward; we now have 3 servers in 3 locations, all computers on user and domain, VPN tunneling between servers and so on. Moving in that direction to have everything under our roof, the next idea was to have our own mail server.

I have found on the internet how to make a mail server using a Raspberry Pi, and that is a solution for a small number of users, but I have difficulty finding something for a larger scale.

So I was wondering if someone in this community has more information and can point me in the right direction on how to make this project possible.

I am not sure if this is the right place to create a topic; if not, my apologies.

Any help is more than welcome.


I briefly looked at private email servers a year ago for a project at work. The two solutions that we saw as viable options were hMailServer and Apache James.

hMailServer (https://www.hmailserver.com/) is a Windows solution while Apache James (https://james.apache.org/) can be run on any platform that Java supports.

We ended up selecting Apache James.


How large scale are we talking?


Since you have Active Directory, I would recommend Kerio (if money is a problem), or Exchange Online through Office365.


It doesn’t really matter though what you use; many employees are stupid enough to put a label with their password on the PC somewhere.

I would strongly suggest, whatever you choose, to implement 2FA.


I'd strongly recommend going with a SaaS solution like Office 365. It's like 20 bucks per month per user.

If you need an on-premise solution you might want to find a consultant to set up an on-premise Exchange Server.


As everyone mentioned, Exchange is an option. I am pretty sure that there are other services. Just pick the one that works well for the company.


On 2/20/2019 at 7:39 PM, Jarsky said:

How large scale are we talking?

Less than 100 users


On 2/23/2019 at 2:31 AM, JCBiggs said:

I'm pretty sure a large multinational company can afford someone or already employs someone that knows the answer to this.

It is not large, but it can afford it, and we are working in almost every country in the world and want to have everything under our roof. I am exploring solutions to find what the best one is.


4 minutes ago, Shandu91 said:

It is not large, but it can afford it, and we are working in almost every country in the world and want to have everything under our roof. I am exploring solutions to find what the best one is.

I run my own private email server, which now hosts email for myself, a few friends and a commercial partner. It IS NOT easy. If you don't have the time to dedicate to it, and I mean real time, to earn real understanding, then leave it to the pros. If it wasn't for the security requirements of my customer, I would have reverted back to hosted email pretty quickly. I've been doing it for a little while now and I still don't understand it all.


If you run a private mail server, I would not allow it to be internet-facing and would have it working only over the VPN / LAN. If the data is sensitive then you should understand that your mail server may push an email in plain text to an external mail server if the two cannot agree on encryption (most often the case).

If you are trying to adhere to specific laws because of the data (like medical data), then Gmail is HIPAA certified. This ensures the email is never plaintext but as a result limits who can be emailed. This does require a Google business account, which I believe is about $5/user. You also get spam protection from them, which I haven't seen any in-house solution beat (personally). You do have to set the mailboxes as HIPAA; it's not automatically configured this way (there are guides).
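
The plaintext fallback mentioned in the post above, as an added example that is not part of the original thread: it parses EHLO replies and shows which peers an outbound server would send to unencrypted under an opportunistic policy, and which mail a mandatory policy would hold back instead. The hostnames, EHLO replies and the policy names `opportunistic` and `mandatory` are constructed for illustration, and "encrypted" assumes the TLS handshake succeeds once STARTTLS is offered.

```python
# Added example; hostnames and EHLO replies are constructed sample data.
PEERS = {
    "mx.partner-a.example": "250-mx.partner-a.example\n250-SIZE 52428800\n250-STARTTLS\n250 8BITMIME",
    "mx.partner-b.example": "250-mx.partner-b.example Hello\n250-SIZE 10240000\n250 PIPELINING",
    "mx.partner-c.example": "250-mx.partner-c.example\n250-PIPELINING\n250 starttls",
}


def parse_ehlo(reply: str) -> set:
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    keywords = set()
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected reply line: {line!r}")
        # The first line carries the server's greeting, not an extension.
        if i > 0 and rest.strip():
            keywords.add(rest.split()[0].upper())
        if sep == " ":  # "250 " (space) marks the final line of the reply
            break
    return keywords


def delivery_decision(reply: str, policy: str) -> str:
    """Decide what an outbound client does with one message for this peer."""
    if policy not in ("opportunistic", "mandatory"):
        raise ValueError(f"unknown policy: {policy!r}")
    if "STARTTLS" in parse_ehlo(reply):
        return "encrypted"  # assumes the handshake then succeeds
    # Peer offers no TLS: opportunistic mode sends anyway, mandatory holds the mail.
    return "plaintext" if policy == "opportunistic" else "deferred"


def audit(peers: dict, policy: str) -> dict:
    """Map each peer host to the delivery outcome under the given policy."""
    return {host: delivery_decision(reply, policy) for host, reply in peers.items()}


if __name__ == "__main__":
    for policy in ("opportunistic", "mandatory"):
        print(policy, audit(PEERS, policy))
```
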
