What mail solution is more stable and secure?

Oceanwatcher

I am researching what mailsolution I should set up. And I am leaning towards MailCow. Also, I would not be surprised if people here would recommend MailCow 😁
But I would like to hear a little more about the security of MailCow and if there is any focus on hardening the system or if there has been any audit of the system.
One more thing. I would love to integrate it with NextCloud. Is that a problem?

Regards,
Svein

pkernstock

Well, how many money and time you got? Hardening a system is more than enabling ufw or changing the root login to key-only authentication. It starts on physical access, over to the software components used, and the capabilities and experience of the admin who’s maintaining it.

How secure mailcow is? Probably as secure as your base OS, Docker and all the container OS images, Postfix, Dovecot, SOGo, PHP, nginx, rspamd, etc are - including any security vulnerabilities which aren’t known yet or might arise in the future, which are out of mailcow’s control. So it’s not a question which can be answered that easy.

One way to harden it? Probably not mixing up different applications like mailcow and Nextcloud on a single system 🙂

Oceanwatcher

pkernstock Thank you for answering.
Yes, I hear you. There are many things involved when it comes to security. And I wish I could contribute. But I am unfortunately useless when it comes to programming. Really. 🤣
Regarding NextCloud - I think there is a future for a private server that can let us get away from Google. But it has to include file sharing like Google Drive, syncing of mobile phones images and files, calendar, cloud documents etc. and mail. At the moment, I do not see any other alternative than integrating MailCow and NextCloud.
But I would love to hear if you know a better solution!
Done right, this could definitely help to de-centralize the internet!

pkernstock

It’s not a matter if running mailcow and Nextcloud somewhere. But from a security perspective I wouldn’t mix up two complete different applications for two different scenarios on the same system. If mailcow (or, more precise, one of it’s services) or Nextcloud has a security vulnerability, you risk the other application and its data as well.

D4niel

pkernstock Isn’t isolation the purpose of docker? No software is perfect obviously, but at least that’s better than running them together on a native host.

pkernstock

D4niel Nope, it isn’t. It’s also taking use of the host kernel, what a attack vector can be. It’s more designed to ship applications with a base OS, so portability, and for development purposes (building dev environments, snapshot’ing, etc).

diekuh

pkernstock It is still better to run them with any kind of isolation than none. So Docker makes them definitely a bit more secure. 🙂

Oceanwatcher

So it would be better to run them as VM’s? Integration does not mean they have to run on the same host. It just means that I would use NextCloud as webmail.