I want to add an email server on production and I would like to know how to secure it as much as I can and to make sure that the emails will be legit and won't go to spam.
The Linux distribution is Ubuntu 19.10; the email server is Postfix 3.4.5.
I use the ufw firewall.
I did the following and I want to know if there is anything else missing.
1. I configured reverse DNS lookup so the DNS of my email server will show the proper IP address of the server sending the emails.
2. "ufw limit 25/tcp" to prevent flooding the mail server
3. I read the following: https://linux-audit.com/postfix-hardening-guide-for-security-and-privacy/ and enabling HELO might be a good choice.
4. I can make sure that sending emails from this server is allowed only from the VPN IP of the office. I googled, but still didn't find how to do that.
Is there anything else that might be useful? Any information regarding this issue would be greatly appreciated.
These are the things you need to consider, which will surely land your mails in the inbox regardless of the MTA you use.
1. Authentication
As mentioned above by @Admiral Noisy Bottom and @Peleion, email authentications like SPF, DKIM, DMARC and RDNS are absolutely necessary for sending your email to the inbox.
2. Mail Content
The content of your mail should be constructed without any spammy words and spammy code blocks. Mailtester (https://www.mail-tester.com/) will tell you about the weightage of your content as well as authentication results.
Take care of your subject line also, as spammy words such as free, alert, warning etc. might land you in spam. It's better to test your subject line before sending emails: https://sendcheckit.com/email-subject-line-tester
3. Reputation
This part will come into play if you want to send bulk emails. Every ESP has a reputation filter which will decide whether a particular email is spam or not. You can't send out thousands of emails on the first day itself. You need to build your volume slowly as the reputation of your IP address and your sending domain grows. These are some of the major ESPs' warm-up guides:
https://sendgrid.com/resource/email-guide-ip-warm-up/
https://www.sparkpost.com/docs/deliverability/ip-warm-up-overview/
https://www.inboxroad.com/warm-up-schedule/
Since you are using your own email server, you need to test out for yourself which one suits your needs best.
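
The four authentication checks named in the answer (SPF, DKIM, DMARC, rDNS), run for one sending IP against a set of DNS records, as an added example that is not part of the original answer. The domain, selector, addresses and records are constructed sample data, and the SPF evaluation is an assumption-limited one that handles only the ip4, ip6 and all mechanisms.

```python
import ipaddress
# Constructed sample records (documentation names and addresses, not from the page).
ZONE = {
    "TXT": {
        "example.com": ["v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 -all"],
        "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"],
        "sel1._domainkey.example.com": ["v=DKIM1; k=rsa; p=CONSTRUCTEDPUBLICKEY"],
    },
    "PTR": {"203.0.113.10": "mail.example.com"},
    "A": {"mail.example.com": ["203.0.113.10"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def tags(record):  # split a 'k=v; k=v' TXT record (DKIM, DMARC) into a dict
    return dict(p.strip().split("=", 1) for p in record.split(";") if "=" in p)

def fcrdns_ok(zone, ip):
    """Forward-confirmed rDNS: the PTR name must resolve back to the same IP."""
    host = zone["PTR"].get(ip)
    return host is not None and ip in zone["A"].get(host, [])

def spf_result(zone, domain, ip):
    """Evaluate ip4/ip6/all only; a, mx and include need lookups and are skipped."""
    recs = [t for t in zone["TXT"].get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    if len(recs) != 1:
        return "permerror" if recs else "none"  # more than one SPF record is an error
    addr = ipaddress.ip_address(ip)
    for term in recs[0].split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        hit = name in ("ip4", "ip6") and addr in ipaddress.ip_network(arg, strict=False)
        if name == "all" or hit:
            return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched

def audit(zone, domain, ip, selector):
    """Return findings for one sending IP; an empty list means all four checks pass."""
    findings = []
    if not fcrdns_ok(zone, ip):
        findings.append("rDNS: PTR and A records do not match")
    spf = spf_result(zone, domain, ip)
    if spf != "pass":
        findings.append(f"SPF: {spf} for {ip}")
    dkim = "".join(zone["TXT"].get(f"{selector}._domainkey.{domain}", []))
    if not tags(dkim).get("p"):  # a missing or empty p= means no usable key
        findings.append("DKIM: no public key at selector")
    if not any(tags(t).get("v") == "DMARC1" for t in zone["TXT"].get(f"_dmarc.{domain}", [])):
        findings.append("DMARC: no record")
    return findings
```

Calling `audit(ZONE, "example.com", "203.0.113.10", "sel1")` returns an empty list; to run it against a live domain, fill the same dictionary from real TXT, PTR and A lookups.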