F1Linux Mail Image Leasing:

The F1Linux containerized email solution has been extensively tested and improved over the last 5 years and now available to clients.

It routes mail for one or more domains with Anti-Spam (SPF), Anti-Spoofing (DKIM), TLS Transit Encryption & TLS Client authentication to access mail

As new versions of Postifx are released, containers will be rebuilt and tested with the newer version and released to the client ensuring they are using the latest, security patched versions in production. As data is disaggregated from the the docker image by mounting local iSCSI storage inside as a persistent Docker Volume, the data becomes immediately available in the new Postfix version of the container.

• Client Provides:
  
  • (1) networked host to use run the container
  • iSCSI Storage to auto-mount into Docker container for data persistence
  • Public IP for the 
  • Keys/logins to their DNS, Docker host, storage & network devices
  • DNS access to be provided at least (2) days prior to allow for propagation of records
• F1Linux Provides: A correct, fully tested mail server comprised of the following configuration
  
  • Docker Image: Alpine Linux
    
    • Multi-Arch Build Options: amd64, arm32v5, arm32v6, arm32v7, arm64v8
    • Current release versions of Postfix, Dovecot, OpenDKIM & dependent apps & libraries installed & configured
    • compose.yml to raise container from image tailored to local networking & storage
    • NOTE: Configs are not immutable- they can be modified as required when container is in prod.
  • TLS Server Config: Encrypt mail in transit between sending & receiving mail servers
    
    • Let’s Encrypt Certs used; certs rewed every three months
    • NOTE: Mail to domains routed by the mail server are delivered locally and never leaves host
  • TLS Client Config:
    
    •  Access to mail store is via TLS Client Cert; much more secure than password access
    • Let’s Encrypt discontinued TLS Client Certs, so these must now be purchased from a cert vendor
  • DNS Records Creation/Modification: (1) or more mail domains
    
    • MX (Mail Exchange) Records
    • PTR (Reverse DNS) Records
    • DKIM (Anti-Spoofing) Records
    • SPF (Anti-Spam) Records
  • IPv4/6 Networking: Host networking as well as dependent switches & routers
    
    • Firewalling
    • IPv4 DNAT’ing
    • Routing
  • Persistent Network Storage: Mail folders, TLS certs, backups & maillogs
    
    • iSCSI LUN Creation & Config
    • Auto-mounting config on Docker Host to use as a Docker Volume
  • Mail Client IMAP & Account Config:
    
    • Instruct the staff to configure their clients and Public Keys
• Optional Services:
  
  • Storage configuration
  • New Server Hardware install, networking & config
  • Data Migration
  • Mail Server Admin Training: Postfix, Dovecot and related technologies

The chart below compares the F1Linux containerized email solution with the two leading third-party hosted email services.

NOTES:
* Client TLS certs incurr fees: LEt’s Encrypt has discontinued support for this use-case.

Business Continuity & Privacy:

Fees Ransom: A hosted business-critical service like mail is wide open to fees ransom by the vendor who’s well aware migrating mail away from them is a non-trivial task.  Such vendors feel they’re able to impose material fee increases on their captive clients and do.  Instead of being a hosted service, the relationship is akin to your mail service being ransomwared by a vendor. 

Activist IT Vendors: There’s numerous cases where large IT vendors have withdrawn service because a client didn’t toe-the-line on their vendor’s activist political positions. Even if the risk is distant in the present, it might not be in the future. Imagine the nightmare of losing a key business system with little or no notice…

Warrantless Government Snooping: Governments can engage is warrantless snooping- the UK & China are two– and will demand access from hosted service providers while gagging them from notifying their clients. By controlling your data, authoritarian regimes must request access with the target organization and directly surface their “concerns” for their request. And if Governments have to ask, this might preempt offensive fishing expeditions to find a basis to pursue a disfavoured organization and subject them to expensive, infinite lawfare.

NOTE: Although the below was a non-containerized mailserver migration, it is evidence of deep & wide comptency implementing & migrating mailservers for a large global organization and supported by endorsements at the bottom of this page.

When one of the world’s largest AgriTech businesses Syngenta decided to migrate their Postfix infrastructure from a third-party hosted & managed solution back in-house, after a global search they choose F1Linux.com based on their extensive experience with Postfix dating back to 2002. Because their mail system is integrated into other IT gears, any disruption caused by the migration could result in £millions of pounds of losses. F1Linux.com delivered the project on time, within budget and even trained the client’s (10) staff in Pune India to operate their shiny new Postfix gears. 

     – Provided the Linux & Networking expertise to a large project this elite IT consultancy was operating for one of the world’s largest agricultural businesses.

     – Migrated the Postfix services back INhouse to a loadbalanced configuration across (2) data centers in France. NAT’ing was breaking things, but as I’m a network engineer I liaised with the network team and agreed a solution.

     – Provided Performance Oriented Training in both Linux Systems Administration and the application itself to staff in India to maintain & support the system.

The application was tightly integrated with all Client’s key business processes, including payments and ERM systems; there could be no downtime or failure.  The £3 million liability cover they required reflected the risks related to the project.

A large performance bonus was awarded for delivery exceeding requirements