The F1Linux Mail Solution:
F1Linux produces a docker image that is created with all your specific configuration which when raised as a container mounts local iSCSI storage and routes mail for one or more domains with Anti-Spam (SPF), Anti-Spoofing (DKIM), Transit Encryption (TLS) & SASL authentication.
- Client Provides:
- (1) host physically & logically connected to their local network
- iSCSI Storage to auto-mount into Docker container for data persistence
- Public IP for the mail server
- Access keys and/or logins to their DNS, Docker host, storage & network devices
- DNS access to be provided at least (2) days prior to allow for propagation of records
- F1Linux Provides: A correct, fully tested mail server comprised of the following configuration
- Docker Image: Alpine Linux with stack-smashing (buffer overflow) protection
- Multi-Arch Build Options: amd64, arm32v5, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
- Current versions of Postfix, Dovecot, OpenDKIM & dependent apps & libraries installed & configured
- docker-compose.yml to raise container from image tailored to local networking & storage
- NOTE: Once container is up, Local changes can be made to the server configs
- TLS Config: Encrypt mail in transit between sending & receiving mail servers
- Config & install (free) Let’s Encrypt certs
- NOTE: Mail to domains routed by the mail server are delivered locally and never leave the host
- DNS Records Creation/Modification: (1) or more mail domains
- MX (Mail Exchange) Records
- PTR (Reverse DNS) Records
- DKIM (Anti-Spoofing) Records
- SPF (Anti-Spam) Records
- IPv4/6 Networking: Host networking as well as dependent switches & routers
- Firewalling
- IPv4 NAT’ing
- Routing
- Persistent Network Storage: Mail folders, TLS certs & backups
- iSCSI LUN Creation & Config
- Auto-mounting config on Docker Host to use as a Docker Volume
- Mail Client IMAP & Account Config:
- Instruct the staff to configure their clients and Public Keys
- Cost: £2,500 inclusive of the above for a new mail server install
- Estimated Delivery: Approx. 1-2 business days
- Docker Image: Alpine Linux with stack-smashing (buffer overflow) protection
- Optional Services:
- Replicated LDAP Authentication Services
- iSCSI RAID 1, 6 or 10 Storage configuration
- New Server Hardware installation & configuration
- Hardware Monitoring
- Data Migration
- Support: Application and/or infrastructure
- Mail Server Admin Training: Postfix, Dovecot and related technologies
The chart below reveals that F1Linux can offer greater business value, security and more predictable costs than both Microsoft & Google. Indeed, these anti-competitive BigTech giants have largely evolved into a tax on businesses with excessive per-user costs that are largely unrelated to the cost of delivering the mail function.
| F1Linux Mail Server | Google Workspace | Microsoft 365 | |
| Fully Integrated Mail Client Message Encryption: | Public Key; FREE. Easy to config & maintain *AND* S/MIME, but has additional costs & increased admin burden |
S/MIME: £££ Enterprise License ONLY + £15-£20 annually per cert per-user (GOOGLE HOLDS ALL CLIENT CERTS!) | S/MIME: Office 365 Enterprise E3 license ONLY + £15-£20 annually per cert per-user |
| Backups: | YES | NO | NO |
| Multiple Mail Domains: | YES | NO | NO |
| Authentication: | SASL + LDAP* or flat file** | LDAP | AD (Kerberized LDAP) |
| Data Portability: | EASY | DIFFICULT | DIFFICULT |
| Stack-Smashing Protection: | YES: Alpine Linux | Possible | NO |
| Transit Security: | TLS (Let’s Encrypt Certs) | TLS | TLS |
| SMTP Mail Routing | Postfix | ? | Microsoft SMTP Server |
| IMAP Mail Delivery: | Dovecot | ? | Microsoft Exchange |
| Anti-Spoofing: | OpenDKIM | DKIM | DKIM |
| Anti-Spam/Spoofing: | SPF | SPF | SPF |
| Dedicated Support Contact | YES; Phone, Skype, Slack | No accountability | No accountability |
| Costs Predicability: | YES; You control both the App & your mail data | NO; vendor can raise prices with impunity | NO; vendor can raise prices with impunity |
| Self or Fully Managed: | BOTH | MANAGED ONLY | MANAGED ONLY |
(2) Competitive advantages- beyond cost– are obvious:
– F1Linux provides a support phone number answered by an engineer.
– Integral mail client Public Key message encryption making e2ee (“End-to-End-Encryption“) a standard feature. BigTech does offer mail encryption, but only S/MIME which has a higher administrative burden, additional costs of £10-15 a cert per-user, per-year and ONLY with their premium mail accounts- “Call Sales for pricing“. Using an estimate of £30/mail acct + £10/ per-cert per-user, BigTech e2ee encryption for just (1) user PER YEAR will cost £480; for (5) users, PER YEAR, about £2,400. Both Google & MS bundle other features in these large enterprise mail accounts, but most won’t be of any use to small/medium organizations and therefore don’t offset the substantial fees to gain encryption.
Insulation from Political & Legal Risk:
Finally, there’s one more important reason to take direct control of your mail function: mitigation of Political & Legal risks. Many large vendors are now adopting activist political stances and dumping clients who either do not adopt these positions or on the basis of a few hysterical tweets from random people. And it needn’t be YOUR firm that “offends” the Twitterati to get “cancelled”. It could a staff member’s tweet or FB post to get your firm “cancelled”? In one widely reported case it was a company’s CUSTOMERS that got them “cancelled” by their cloud host vendor AWS and was driven to ruin. The “cancelled” company themselves didn’t themselves promote any political ideology. It was their customers’ politics which got them into hot water Amazon.
But you have recourse through the courts for any disputes, right? For all practical purposes the answer is “NO”. BigTech vendors leave their TOS’ intentionally vague & wide to give them unlimited latitude to do anything they want to their customers, from unilaterally changing terms, including ending a contract for any arbitrary reason. Google- who trades in the UK through an Irish subsidiary- asserts their Workspace contract is governed by California law and any disputes settled in CA courts. And BigTech mail providers also incorporate provisions that their TOS can be unilaterally modified by them at any time. Don’t like any future changes? Then fly to California with your lawyers and dispute the terms you initially consented to allowing them to modify the agreement at their sole discretion… And remember when you’re emailing lawyers that Google have your S/MIME certificates to read encrypted emails if they choose to ;-). So even if the risk of a contract dispute is low, were it to materialise and involves the mail function, it could devastate your organisation both in terms of business interruption & legal costs.
When one of the world’s largest AgriTech businesses Syngenta decided to migrate their Postfix infrastructure from a third-party hosted & managed solution back in-house, after a global search they choose F1Linux.com based on their extensive experience with Postfix dating back to 2002. Because their mail system is integrated into other IT gears, any disruption caused by the migration could result in £millions of pounds of losses. F1Linux.com delivered the project on time, within budget and even trained the client’s (10) staff in Pune India to operate their shiny new Postfix gears.
– Provided the Linux & Networking expertise to a large project this elite IT consultancy was operating for one of the world’s largest agricultural businesses.
– Migrated the Postfix services back INhouse to a loadbalanced configuration across (2) data centers in France. NAT’ing was breaking things, but as I’m a network engineer I liaised with the network team and agreed a solution.
– Provided Performance Oriented Training in both Linux Systems Administration and the application itself to staff in India to maintain & support the system.
The application was tightly integrated with all Client’s key business processes, including payments and ERM systems; there could be no downtime or failure. The £3 million liability cover they required reflected the risks related to the project.
A large performance bonus was awarded for delivery exceeding requirements
(Mason Advisory is an elite IT Consultancy that was in charge of the entire Syngenta Project)
“I engaged Terrence [Houlahan] as the Linux Subject Matter Expert on a global client’s major email service insourcing programme, to deliver new platforms and train client teams. The programme was large and complex, with significant dependencies on new Linux services that Terrence was responsible for delivering. Success in the role not only hinged on excellent Linux skills but also cross-cultural competencies working as an embedded expert in a global team, training and helping them to adopt the new systems.
Terrence’s exceptional Linux knowledge and his ability to both anticipate requirements and react to scope changes was key to the successful delivery. His outstanding Linux experience was clearly demonstrated by both his hands-on delivery and technical training of a team who, for the most part, had no prior experience in Linux. Most importantly, Terrence’s technical capability combined with his friendly nature and ability to elicit cooperation across global teams resulted in outstanding reviews from the client’s senior managers.
Terrence was key to the success of the overall project: delivering new Linux services and enabling a client team with no Linux experience to become self-sufficient in administering a complex environment of new platforms in a very short timescale. Any future requirements requiring Linux Engineers, I’ll be calling Terrence, and I wholeheartedly recommend him.”
– Ian Kayne, Mason Advisory: Syngenta Project Lead (2018)
Their endorsement of the work took the form of a large, unsolicited bonus check for exceeding their delivery expectations.