Looks like I might have a real contender to finally remove my ClearOS mail server.
So far I'm pretty happy with the way it is running… Still hardly any mail going from it so no reputation yet… Google still complains about it but at least the DKIM/DMARC reports show pass and ok now…
I think I had that at the outset. Could it be that you need to create an SPF (Sender Policy Framework) entry in your mailserver's DNS records?
Both SPF and DKIM reports from Google report as pass and okay now… So yeah, I do have an SPF record.
Seems @Tom you make Google angry. My authorization e-mail was stuck for a good half of a day. But my own server got it… after graylisting… a few minutes.
Never have used DMARC. (just stupid I think) But own server is my way to go. Couple dozen of domains, postfix as a backend… frontends may vary.
Can somebody point me to a useful (at corporate scale) e-mail frontend, instead of Zimbra?
I never ask too much: CalDAV, CardDAV, WebDAV folders, Tasks, Windows/Mac compatibility, secure, reliable, FOSS? =)
If you find something like this, just let me know.
Did you include the ISRG root cert in the cert path?
It was an issue about a year ago.
ISRG? Not sure what that is.
The (new) certification path for Let's Encrypt. The old one expired almost a year ago.
I have been running Mailcow for a couple of years now. I seem to have set it up correctly.
Apparently my domain does not send enough emails, so supposedly it is considered suspicious.
Thus the only real and big problem it causes is that Microsoft (Gmail is ok) doesn't like my emails, so they end up in the spam folder.
And I'm not alone: Outlook/Office365/Microsoft365 and junk mails · Issue #2851 · mailcow/mailcow-dockerized · GitHub
Well, I'm using an LE wildcard certificate… Strangely though, I have no trouble receiving or sending outside my LAN… However, even apps running on the same server as my mail server can't use SMTP via the mail server because of some vague TLS (certificate) errors… Haven't found a way to fix that yet.
Well, Mailcow is running great… Only problem I still have is that for whatever reason I'm unable to have any of my other apps send mail through the mailcow server (via SMTP)…
Any mailcow users out there who use other web apps to send verification mails and notification mails through their mailserver, and how do you set that up? I'm running the main mailcow interface behind a central nginx proxy, which works fine. Ports are forwarded in my pfSense WAN rules. Main problem with this seems to be TLS issues. Using Let's Encrypt domain wildcard certs on my LAN and on the mailcow server. However, it doesn't appear to like getting connections via TLS from my other LAN apps.
I run Mailcow and use NGINX as my reverse proxy. Still, I also had to configure the Mailcow server to get its own SSL certificates, as the proxy only covers the web interface and webmail interface, not the IMAP or SMTP protocols. Though I read somewhere there is a way to have NGINX proxy more than just HTTP/HTTPS traffic.
Yeah, same here… mailcow behind nginx for the actual mailcow web UI… SSL is set up in mailcow itself. No problems with TLS, SSL to the outside world, only on local LAN… weird…
Well, I can send mail to the outside world and receive mail with TLS encryption, so it's not that…
I've been running a postfix/dovecot email server for over a decade. I don't think there is any way to play with the big boys when it comes to IP reputation etc. My recommendation is to use a "relay" service such as MailRoute (or if you absolutely have to, even Microsoft). They will forward both your inbound and outbound emails via SMTP, and that allows you to lock down your system much better (so you don't have to be on call 24/7), plus they will queue your emails in case you're experimenting. And of course no IP reputation issues. But you still get to run a full server locally, which does have certain advantages (e.g., you always know where your emails are and storage is limited only by your imagination).
You could in theory also do this with any IMAP host, using getmail (or fetchmail) instead of listening to inbound connections. That would have the advantage of working behind CGNAT, which otherwise you will have to work around using a VPS. My recommendation there would be Fastmail, but I'm sure there are others. But I guess at that point you might as well just use Fastmail; they have good sieve script support and even working iPhone/iPad push notifications (this can be done on dovecot but requires effort).
I have been running my MIAB system as a VM (XCP-ng) hosted on my local business network for a couple of years now without any issues. Ubuntu server 18.04 LTS is supported until April 2023. Ahead of this change, MIAB just released v60 a few days ago. This version marks the upgrade of the OS from Ubuntu server 18.04 LTS to 22.04 LTS. Just completed the upgrade of my server with minor issues during the install that were easily corrected.
Depending on where your MIAB server is located in your network, setting this up on a (local) VM is pretty straightforward. Mine sits behind a pfSense firewall with the mail and web related ports opened from the firewall. Everything has been working fine for years with minimal administration effort on my part, as MIAB has built-in tools for backups using local storage, S3, BackBlaze and rsync. Additionally, I installed unattended-upgrades and configured it to apply security updates and reboot automatically when necessary. As XCP-ng is my VM host, snapshots and backups of the VM also run regularly without issue. The only times I need to be on the box are when adding or removing users and when MIAB releases updates, as those are best run during off-hours.
One critical item for setting up MIAB is that the server has to be a clean vanilla install of Ubuntu server, with nothing installed before or after MIAB setup. Anything else installed and running can easily break the installer. MIAB requires a dedicated instance.
MIAB works well with all major email systems. It usually requires a small amount of training of the big providers' spam filters. Usually this can be done with 3 to 4 emails over the course of a week sent to recipients on large providers with reply messages. It seems that many first emails sent to big systems get sent to the spam or junk folder. Once new messages are identified as not spam or not junk, additional messages sent don't end up in spam again.
The only exceptions I've seen to this are when the public IP address of the email server has been flagged as a spam sender, most of the time when a VPS instance was previously abused by someone before MIAB setup.
MIAB has, in the admin console, the ability to automatically check its configured FQDN against known spam lists. This makes it easy to figure out if the public IP address has been related to abuse before, and this can be corrected by changing the public IP address. Some VPS hosts can do this and, if self-hosting, many business ISPs can help make the change too. Worst case scenario, email system training takes a little longer to be corrected. You can usually clear these filters within a month or so by sending messages to recipients on big email providers.
The real things that help are all the DNS configs that MIAB supports. Spend the time setting each of these up and a new system can clear the filters in no time. The MIAB Control Panel also includes the tools to do this and explains each setting. Depending on your setup needs, MIAB can act as the domain name server and handle all the DNS needs related to your public domain, as this is built into MIAB. In my case, I'm using my web host's DNS and name server services, and MIAB supports this type of configuration too without issue. For reference, my instance is a local XCP-ng VM instance running on the local internal business network, behind a pfSense firewall with the necessary ports open to the MIAB server. Have been running this for years now without an issue. My local self-hosted Invoice Ninja instance is also hosted the same way and uses my MIAB to send client messages from Invoice Ninja without issue. Essentially, spam filters base reputation on the sender's public IP address and the extra DNS configurations like DNSSEC, reverse PTR records, TLS, DMARC, DKIM, SPF and MTA-STS.
MIAB also has some other nice features built in, like client auto discover, calendar and contact sync, Roundcube based webmail, support for auto provisioning of Let's Encrypt TLS certs and Z-Push. Works well with my Android phone with DAVx/CALDAV and Thunderbird on the PCs.
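
Added example, not part of the original thread and not code from Mailcow or MIAB: a small offline audit of the mail-authentication TXT records the posts above mention (SPF, DKIM, DMARC, MTA-STS). The domain `example.org`, the selector `mail` and every record value are constructed; `lookup` is a hypothetical hook where a real DNS resolver would go.

```python
# Constructed TXT records for a hypothetical domain; swap lookup() for a real resolver.
SAMPLE_TXT = {
    "example.org": ["v=spf1 mx ip4:203.0.113.25 ~all", "some-site-verification=constructed"],
    "_dmarc.example.org": ["v=DMARC1; p=none; rua=mailto:dmarc@example.org"],
    "mail._domainkey.example.org": ["v=DKIM1; k=rsa; p="],
}

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC, DKIM, MTA-STS) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_spf(txt):
    spf = [r for r in txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # zero = no policy, more than one = permerror (RFC 7208)
        return ["SPF: expected exactly one record, found %d" % len(spf)]
    terms = [t.lower() for t in spf[0].split()[1:]]
    if "+all" in terms or "all" in terms:
        return ["SPF: +all authorizes every host on the internet"]
    if not any(t.lstrip("-~?") == "all" or t.startswith("redirect=") for t in terms):
        return ["SPF: no terminating 'all' or redirect, result defaults to neutral"]
    return []

def check_dmarc(txt):
    recs = [parse_tags(r) for r in txt if r.lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["DMARC: expected exactly one record, found %d" % len(recs)]
    findings = []
    policy = recs[0].get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    elif policy == "none":
        findings.append("DMARC: p=none is monitor-only, receivers take no action on failures")
    if "rua" not in recs[0]:
        findings.append("DMARC: no rua= address, aggregate reports are not sent")
    return findings

def check_dkim(txt):
    keys = [parse_tags(r) for r in txt if "p=" in r.replace(" ", "")]
    if not keys:
        return ["DKIM: no key record at this selector"]
    return [] if keys[0].get("p") else ["DKIM: empty p= means the key is revoked"]

def audit(domain, selector, lookup=lambda name: SAMPLE_TXT.get(name, [])):
    findings = check_spf(lookup(domain))
    findings += check_dmarc(lookup("_dmarc." + domain))
    findings += check_dkim(lookup("%s._domainkey.%s" % (selector, domain)))
    if not any(parse_tags(r).get("v") == "STSv1" for r in lookup("_mta-sts." + domain)):
        findings.append("MTA-STS: no v=STSv1 policy record")
    return findings

if __name__ == "__main__":
    print("\n".join(audit("example.org", "mail")))
```
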