Time to move my mailserver!
I am having an inner struggle about what distro/OS to use:

Debian
CentOS
Ubuntu
FreeBSD
OpenBSD

What should I use? Why?

📌

📌

It depends, are you planning to do it inside a docker container ? If that's the case the distro doesn't really matter

Following this rant

It will also be nice if someone post security measurements of a mail server.

I'm not gonna be a big hit like Google and be attacked by pros, just to protect my self from noobs

A link would be nice :)

Don't mind me, I'm just a dot.

CentOS. Updated packages.

If you are interested in doing it inside a container, this image is pretty good : https://github.com/tomav/...
I used it for a school project, well documented, very easy to use.
@gitpush In terms of security, fail2ban, spamassassin, ufw

@AdrienNini
I am using iRedmail thou. Know it extremely well already :)

@Linux heard about it but never really used it. Until now I always used good old postfix and it has always been working fine

@AdrienNini just that? Good to know, I thought I'll be going through a long list lol.

Thanks for your help man, much appreciated :)

@AdrienNini
iRedmail uses postfix. It is a bundle with good software

@gitpush well you can do a lot more but for a starter it's pretty good.
Also make sure you're the only one who can use your SMTP relay otherwise someone can use it to send spam email and use all your process power. You just need to set up your firewall to only allow your connections

@AdrienNini
Firewall? Postfix is enough. Just set allowed_hosts to localhost

@Linux Oh ok :D I'll take a look at that some day (talking about IRedmail)

For the firewall part, when I setted up my mail server it was for a school project and we had to configure it

@AdrienNini thanks for mentioning it, I did not have that in mind lol

@gitpush with the GitHub repo I linked in my other comment and some configuration on my DNS, I got a 9.7/10 score on mail-tester.com

@theKarlisK

Reason is simple:

Vultr sucks more and more, and I would have more control over the data if I had control over the infrastructure aswell. We have a Nutanix cluster that has been real stable and performed really well.

@AdrienNini

Why not 10/10

?

@Linux because of the reverse DNS from ovh. I didn't had control on it only my teacher had the access to the ovh web client. Otherwise I would have got 10/10

@AdrienNini

Oh RIP

I'm running my mail servers on Ubuntu but I really passionately hate the OS.. I'm only using it because that's the only option that my hoster provides that doesn't suck balls. As for my recommendation, I've never used it myself but heard good things about OpenBSD's security.

Use whatever you feel confortable with. I would go with centos because i know it best and like redhat. You will use the same mailserver on every distro. Therefote the distro it runs on is mostly irrelevant.

📌

Gonna follow this, since I’ve been looking around also.

.

@Condor
I think I Will probably settle either with Debian Jessie or Ubuntu 18.04.

Mostly because I know thoose best.
The 5 year LTS on Ubuntu is tempting

Also
Ubuntu has the livepatch service, so I can automatically update the kernel without reboot
Thats quite nice.

Arch, simple.

@ewpratten on a production mail server? :P

@Condor
He is joking :)

@Condor idk. Never tried it. I'm just being "the guy who said Arch"

@ewpratten
Dont be that guy.

@ewpratten I wish I could, because kernel compilations are far easier on Arch than they are on Ubuntu.. problem is that Arch on servers is generally frowned upon :/
(Arch runs great on all the Proxmox VM's that provide the services in my home though!)

Dude, just go Debian. All the flashy new distros can fuck off. Debian is rock-solid and has been around for fucking ages. And yes, Ubuntu and Arch can go suck a dick.

Use Arch Linux

@Condor
Why would you use compile another kernel? You can just install one with apt

@mrtn

Yeah, I would like to! But I think I am going to start with a simpler project first and gain some knowledge first :)

I personally run my mail server on Ubuntu and as security (firewall) part I use CSF (@gitpush)

Don't like Ubuntu but it just works.

@linuxxx I remembered you sent me a voice note about security, I applied it on my server and so far all is good. Now time to get back to that note and apply it on my test mail server :D

@Linux To make things more lightweight. The distribution kernels have a boatload of options compiled as modules to target as many hardware configurations as possible. Meanwhile a custom kernel built with make localmodconfig (and possibly some tweaks in make nconfig) includes only what you need. This makes the kernel image (vmlinuz), initial ramdisk (initramfs or initrd) and the libraries of the modules (/lib/modules iirc) much smaller.

Edit: also because kernels are the only things that require reboots (assuming that kpatch isn't used), using a custom kernel can allow you to uninstall the stock one. This makes it easier to defer reboots until you want to. Lastly, I found distribution kernels to sometimes be unstable because maintainers fucked up the .config file when they compiled it. Being able to configure the kernel myself allows me to avoid such mistakes.

@oudalally

I actually went with Ubuntu 18.04, it is LTS and it is stable and well supported.

Regarding the odds places, I am so used to Ubuntu and Debian so I find where CentOS places stuff is odd :P

@oudalally

I actually do not like Linux for desktop, it is far to unstable and crappy to be honest. But I still use it - because it is free/libre.

And yes, I do use Debian usually. But Stretch was release one year ago so that means only 4 years of maintenance :P