Mail server add-on for ReadyNAS?

WhoCares? wrote:

claykin wrote: If you plan to do it the way Milhouse is, then you don't need to open port 25. That's exactly what I was saying right from the beginning. claykin wrote: In that case you are not truly hosting your own mail, someone else is. It may be due to my limited knowledge of the English language, but: As far as I could read in this thread, nobody wanted to host his own mail server with fully qualified MX record on the ReadyNAS in the first place. It was all about added value ... errr ... additional features to complement already existing accounts with external service providers. And in that kind of usage szenario, I don't think a mail server on the ReadyNAS would be more of a security threat than any normal email client. Of course you're right that once you start connecting such a setup to the internet directly a lot of bad things may happen. But I believe the majority of ReadyNAS users don't even have an own domain to begin with. Regards, -Stefan

Sorry if I didn't understand your desired setup from the beginning.

I think some will want to do it the way you and Milhouse do, but others will want to host their own mail with a FQDN.

claykin wrote:
If you plan to do it the way Milhouse is, then you don't need to open port 25.

That's exactly what I was saying right from the beginning.

claykin wrote:
In that case you are not truly hosting your own mail, someone else is.

It may be due to my limited knowledge of the English language, but: As far as I could read in this thread, nobody wanted to host his own mail server with fully qualified MX record on the ReadyNAS in the first place. It was all about added value ... errr ... additional features to complement already existing accounts with external service providers. And in that kind of usage szenario, I don't think a mail server on the ReadyNAS would be more of a security threat than any normal email client.

Of course you're right that once you start connecting such a setup to the internet directly a lot of bad things may happen. But I believe the majority of ReadyNAS users don't even have an own domain to begin with.

Regards,
-Stefan

WhoCares? wrote:

claykin wrote: An SMTP server port open to the Internet to "collect your mail" is more risky than an email client. One is behind a NAT or SPI firewall, the other is NOT. An SMTP server leaves a known and common port (25) open to the Internet, a mail client does NOT. Now, if you could explain to me why I would need an open SMTP port to the internet to collect my mail so it can be processed by my local mail server? -Stefan

http://en.wikipedia.org/wiki/Mx_records

If you plan to do it the way Milhouse is, then you don't need to open port 25. In that case you are not truly hosting your own mail, someone else is.

claykin wrote:
An SMTP server port open to the Internet to "collect your mail" is more risky than an email client. One is behind a NAT or SPI firewall, the other is NOT. An SMTP server leaves a known and common port (25) open to the Internet, a mail client does NOT.

Now, if you could explain to me why I would need an open SMTP port to the internet to collect my mail so it can be processed by my local mail server?

-Stefan

Milhouse wrote:

My ISP already handles spam filtering adequately enough, unfortunately they only offer POP3. What I want is a simple service running on the NAS that will download and upload email from the ISP POP3 server and in return offer an IMAP service that I can connect to both locally and remotely (usually my phone). Yes of course there is a security risk but I think it can be properly managed - I've been running Apache on port 80 on my network for the last 6+ years and I'm confident additional services can be added without the sky falling in. :)

Understood. Not sure if these SMTP plugins offer SSL login options, but if they do make sure your IMAP uses SSL connections.

Are you aware that your headers will not be parsed properly when going POP -> POP server? The mail envelope is opened by the first SMTP server that receives the mail which in this case is your ISP. It can work, but isn't the best way to do it.

claykin wrote:

When you let a reliable third party operate your SMTP server you offload that responsibility to them. They have trained security people on their staff to keep an eye out for exploits and patches to keep their services safe from hackers. They also know how to keep up with the always moving target called spam filtering. Are most end users going to know how to setup their domain name DNS to make sure they have an SPF record and can pass reverse DNS? Users just need to be made aware of the risks of operating exposed services on common ports.

My ISP already handles spam filtering adequately enough, unfortunately they only offer POP3. What I want is a simple service running on the NAS that will download and upload email from the ISP POP3 server and in return offer an IMAP service that I can connect to both locally and remotely (usually my phone). Yes of course there is a security risk but I think it can be properly managed - I've been running Apache on port 80 on my network for the last 6+ years and I'm confident additional services can be added without the sky falling in. :)

WhoCares? wrote:

claykin wrote: Is it just me or is anyone else concerned about security vulnerabilities by exposing services to the Internet? Nobody said that just because you have a mail server up and running you also have to expose that service right to the internet. You could just use it to collect your mail from various external accounts and have it act as a local central hub and master storage for your clients all the while providing services to the users that the external providers don't offer. That's no more a security risk than using your email client and connect to any given mail provider to fetch your mail from there. Or to put it more general: The availability of a technology in itself isn't risky. It's just the users of any technology who create the risks ;) Regards, Stefan

An SMTP server port open to the Internet to "collect your mail" is more risky than an email client. One is behind a NAT or SPI firewall, the other is NOT. An SMTP server leaves a known and common port (25) open to the Internet, a mail client does NOT.

Yes, there are more secure and less secure ways to setup a local SMTP server, however 95% of users would be vulnerable the very first time an exploit is discovered with that server and the user does not know to patch the add-in or NAS firmware. Its a reality of life. Many of these 95% will also allow unauthenticated SMTP relay and it will only be a matter of time before spammers will be using their mailserver as an SMTP relay. Worse is that these users will end up on RBL lists and have trouble sending email to friends/colleagues, because their IP/HOST will listed as a spammer. I'd like to see some data for users with home grown SMTP servers to see how many of them can successfully send email to xxx@comcast.net users with the crazy spam filtering employed by Comcast. We have enough trouble keeping our corporate SMTP server in good graces with them. And that server only sends email from the LAN, no SMTP relay allowed. Even port 25 is closed to the WAN so no external connections permitted.

When you let a reliable third party operate your SMTP server you offload that responsibility to them. They have trained security people on their staff to keep an eye out for exploits and patches to keep their services safe from hackers. They also know how to keep up with the always moving target called spam filtering. Are most end users going to know how to setup their domain name DNS to make sure they have an SPF record and can pass reverse DNS?

Users just need to be made aware of the risks of operating exposed services on common ports.

claykin wrote:
Is it just me or is anyone else concerned about security vulnerabilities by exposing services to the Internet?

Nobody said that just because you have a mail server up and running you also have to expose that service right to the internet. You could just use it to collect your mail from various external accounts and have it act as a local central hub and master storage for your clients all the while providing services to the users that the external providers don't offer. That's no more a security risk than using your email client and connect to any given mail provider to fetch your mail from there.

Or to put it more general: The availability of a technology in itself isn't risky. It's just the users of any technology who create the risks ;)

Regards,
Stefan

claykin wrote:
Is it just me or is anyone else concerned about security vulnerabilities by exposing services to the Internet?

That is a risk and a valid concern, of course, but I would trust ReadyNAS to ensure they limit that risk. After all, they already expose various services such as the photo sharing functionality, I don't see this as being very much different.

claykin wrote:
IMO, if you want great IMAP functionality get an IMAP email account. There's several ways to do this. Even Godaddy offers IMAP for domain owners and you can get 10 with unlimited size mailboxes for $30/year. Yep, per year, not month! Let Godaddy worry about the security vulnerabilities and spam/virus prevention, instead of it being your issue.

My ISP handles my email and unfortunately they don't support IMAP (and never will) and I don't particularly want to have to pay for it if at all possible - I really think ReadyNAS/Netgear might be missing a trick hear particularly as the competition offer it already. In addition I don't want my email routed by yet another third party to store on their servers - they're just as likely to be exploited as any other user of software. What about Apache being exploited the other week? Sh1t happens to everyone, at least I'd be in control when it happens to me and not beholden to a $30/year faceless entity with all my emails available on the internet - worst comes to the worst I'd just disable the IMAP server until the problem is fixed.

Is it just me or is anyone else concerned about security vulnerabilities by exposing services to the Internet?

IMO, if you want great IMAP functionality get an IMAP email account. There's several ways to do this. Even Godaddy offers IMAP for domain owners and you can get 10 with unlimited size mailboxes for $30/year. Yep, per year, not month! Let Godaddy worry about the security vulnerabilities and spam/virus prevention, instead of it being your issue.

Synology and Qnap offers quite a few great services such as the email server, but the day an exploit lets in the bad guys you'll quickly change your mind. Its not if, its when!

Oh, and before you get overly excited by the Qnap mailserver, take a visit to their forum and read many of the threads of people fighting to make it work properly. Is this how you want to spend your time? Not me!