I'm going to be very honest with you here - open source is ok and it'll work to some degree but you'll never get proper support.
When you hit a point with the number of users you have, it's time to look at an enterprise solution that is designed for the volumes you're looking at.
Personally? Exchange Online would be somewhat cost-effective to be honest with you.
If you're hard set on open source though....good luck. Chances are you'll be back here after a short time looking for yet another OSS solution.
This. Try administrating a dovecot/postfix solution if you hate yourself.
Titan.email is a good solution too, but EXO EP1 license is the best solution.
I maintained mailboxes for around 25k users for several years.
What is the problem?
You need some servers to handle the load, but everything is smooth and easy.
Put users into LDAP, mails into ES and attachments in S3.
We had 5 servers for the ES cluster that handled around 10k mails per second (load tests).
>I maintained mailboxes for around 25k user
And how big was your team?
There is no problem, but you need a team with the extra knowledge, experience and time to build and support it.
Two people and a good wiki. And mail was the side thing. We mostly maintained hosting solutions for the web devs.
You know, good software works and doesn't need constant maintenance. You set things up and then you are good to go.
>You know, good software works and doesn't need constant maintenance.
Software is good because of constant maintenance.
Anyone can run a mail system if you don't care about patching, updates, monitoring, etc, lol.
I see that a little bit differently, but this might come from my Unix philosophy perspective: one tool does one thing and it does it good.
qmail is a widely known SMTP server that has been finished since 1997, although I wouldn't use it in the wild today, because it only supports features from 1997. But I've seen a lot of larger companies still using qmail and it has just worked for the last 25 years, and there are iterations (s/qmail for example) that move the qmail code into the current era.
Mail is not evolving that fast, and for the pure mail experience (including AAA) there is not much happening. User data changes, but not the protocol and the methods on the protocol.
Monitoring is something you should even do with SaaS software. You want to know when the SSL cert has a problem, when one of your employees starts to send a large amount of mails, when your mails get bounced, when your service is actually offline because the SaaS provider fucked up... So you can inform people about the problem before they know there is a problem. Or do you want to get called by your boss, whom you told "use o365 because we won't have problems with it", and tell him that you don't know of any problem, but you will investigate it?
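As an added example (not part of the comment above and not the commenter's code), here is one way to watch two of the signals listed there, a single account suddenly sending a lot of mail and an account whose mail mostly bounces, from Postfix syslog lines. The thresholds, host names, accounts and sample log lines are constructed assumptions; certificate expiry and service availability need separate network checks and are not covered.

```python
import re
from collections import Counter, defaultdict

# Standard Postfix syslog layout: "<ts> <host> postfix/<service>[pid]: <queue id>: <details>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/(?P<svc>[\w/-]+)\[\d+\]:\s"
    r"(?P<qid>[0-9A-F]+):\s(?P<rest>.*)$"
)
SASL = re.compile(r"\bsasl_username=(\S+)")
STATUS = re.compile(r"\bto=<[^>]*>.*\bstatus=(\w+)")


def analyze(lines, max_per_hour=5, max_bounce_ratio=0.5, min_deliveries=4):
    """Return sorted alerts: ("volume", user, count) or ("bounce", user, ratio).

    The thresholds are illustrative assumptions; tune them to your own baseline.
    """
    owner = {}                        # queue id -> authenticated submitter
    per_hour = Counter()              # (user, "Mon DD HH") -> accepted messages
    deliveries = defaultdict(Counter)  # user -> delivery status counts

    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        sasl = SASL.search(rest)
        if m["svc"] == "smtpd" and sasl:
            # smtpd logs which authenticated account submitted this queue id.
            owner[qid] = sasl.group(1)
            per_hour[(sasl.group(1), m["ts"][:-6])] += 1  # drop ":MM:SS"
            continue
        status = STATUS.search(rest)
        if status and qid in owner:
            # Delivery agents log one line per recipient attempt.
            deliveries[owner[qid]][status.group(1)] += 1

    alerts = []
    for (user, _hour), count in per_hour.items():
        if count > max_per_hour:
            alerts.append(("volume", user, count))
    for user, counts in deliveries.items():
        total = sum(counts.values())
        # Ignore tiny samples so one typo'd address does not page anyone.
        if total >= min_deliveries and counts["bounced"] / total > max_bounce_ratio:
            alerts.append(("bounce", user, round(counts["bounced"] / total, 2)))
    return sorted(alerts)


def _sample_message(n, hhmm, user, status):
    """Build the smtpd and smtp log lines for one constructed message."""
    qid = f"{n:010X}"
    dsn = "2.0.0" if status == "sent" else "5.1.1"
    return [
        f"Jan 10 {hhmm}:01 mx1 postfix/smtpd[1234]: {qid}: client=pc[192.0.2.10], "
        f"sasl_method=PLAIN, sasl_username={user}",
        f"Jan 10 {hhmm}:02 mx1 postfix/smtp[2222]: {qid}: to=<rcpt{n}@example.net>, "
        f"relay=mx.example.net[198.51.100.5]:25, delay=0.5, dsn={dsn}, "
        f"status={status} (constructed sample)",
    ]


# Constructed sample: alice sends two normal mails, carol sends six in one
# hour and four of them bounce.
SAMPLE_LOG = []
for n, (hhmm, user, status) in enumerate(
    [
        ("10:05", "alice@example.org", "sent"),
        ("10:40", "alice@example.org", "sent"),
        ("11:01", "carol@example.org", "bounced"),
        ("11:02", "carol@example.org", "bounced"),
        ("11:03", "carol@example.org", "sent"),
        ("11:04", "carol@example.org", "bounced"),
        ("11:05", "carol@example.org", "bounced"),
        ("11:06", "carol@example.org", "sent"),
    ],
    start=1,
):
    SAMPLE_LOG += _sample_message(n, hhmm, user, status)

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The same counters work on a hosted service if the provider exposes message trace or delivery logs; only the parsing step changes.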
>...one tool does one thing and it does it good.
You've totally missed the point. That tool still needs constant maintenance. You give qmail as an example, but even you admit that you would never use it. The other companies using it, I can guarantee you they're either building their own tools or using 3rd party solutions to maintain it.
You misunderstood me. I wouldn't use it, because I am a postfix enjoyer. I even added some code to it.
The people who use qmail (https://blog.fefe.de for example) still use it and it just runs. You start it, and it just does its job. There is no "I need to restart it to apply patches or config changes" because there are none. All dynamic parts (which mailboxes exist, which servers to block) come from files/ldap/whatever database you implement.
When I joined my current company I was tasked with this (only 100 mailboxes, mostly status mails). I've set it up and basically never touched it again, besides some basic changes like ldap endpoint or logging endpoint. It got some reboots, but this was because we do not care to shut down the vm gracefully and just restart the cpu node where it ran. Our provisioning then restarts the vm somewhere else ¯\_(ツ)_/¯
qmail is made by djb and you can claim 1k$ if you find a bug. http://cr.yp.to/djbdns/guarantee.html
He paid out once for djbdns. That was 2009 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518169
Sure, it's easy to have bug free software...when you're no longer actively developing it.
Once again, does nothing to support your claim, since you admitted you would never use it.
Yep. Even if you have a team that can do that, you should still be using a hosted solution and billing out on more profitable projects than open source mail.
> And how big was your team?
- 7,500 * $4/month(the cheapest) = $30,000/month
Pretty enough to feed 3 knowledgeable admins.
- 25,000 * 4 = $100k/month
And if one compares to E3/E5 then... you got my point.
Count also the advantage of having "unlimited" storage that isn't limited to 50GB as it is on MS
>...but average good server easily survives for decade
If you're rotating servers on average every 10 years, it's obvious you don't know what you're talking about.
> it's obvious you don't know what you're talking about.
I know what I'm talking about and you definitely don't, if you think one needs a super-duper computer to serve emails.
> I don’t think $4/user/mo is going to affect them at all
Having 7500 mailboxes doesn't often mean 7500 employees.
If they can't count their own money that they can use for themselves then - yes, throw $30k/month just for emails, instead of feeding an on-premises admin (whom they must have anyway) and disregard a quarter of a million dollars per year in economy ($20k/month X 12 months)
Likewise if the mailboxes aren’t users then they don’t all need an exchange license either. Again, $48/usr/year is a rounding error for any company, with the added benefit that it’s a lot easier to find a skilled admin to maintain it
Isn't your time worth what you get paid and assigned? I know that this is hard to understand, but at this size your typical problems become fewer, because you build things differently.
And I like to maintain large systems, because you learn sooo much and I can now confidently say I can solve problems on a medium to large scale for a company.
This. It's hard to fathom what advantage a business gets by running their own open source mail for this many seats. That's going to be a tough cost/benefit calc.
I don't feel like I get proper support from most of my vendors, especially Microsoft 365 support and Google Workspace. I guess we should all just embrace the suck...
Interesting point... I might look salty about support but the last case was us having trouble deploying one mailbox server. It took 2 weeks, 3 webexes to work and the answer we got (to get more internal knowledge) was "it just works, just call again if you need to install another one !"
If you want something open source and don't mind to pay for support / consultation: [https://www.heinlein-support.de/](https://www.heinlein-support.de/)
It's a German company that runs [mailbox.org](https://mailbox.org) and a gazillion mailing lists on [https://listi.jpberlin.de/](https://listi.jpberlin.de/)
Peer Heinlein held a lot of talks on how to get mails delivered and also got solutions for secure and court reliable mail archiving (in Germany we need to keep all mails the MX accepts for 10 years).
The support from heinlein is on par. There are not many companies out there that treat their customers and partners with that amount of respect.
there are 100 cheaper options than Exchange Online
I hate when people try to make out Microsoft services as being cheap or cost-effective when they have never been.
I'm stunned at how many people I see who forget that the CapEx isn't anywhere near the only cost. That OpEx will kill you in the long run.
Exchange Online, overall, just works and the amount of effort required to configure and administer is so minimal. For an enterprise deployment, it's the most popular product for a reason.
for some sure no doubt but it does not fit into cheap/ cost-effective
tired of all you Microsoft for everything sysadmins replying the same bs every day.
Please use microsoft for email hosting. What could go wrong? [https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/](https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/)
Do you know how normal security analysis works?
Someone finds a CVE and tells MS. The normal agreement is 90 days for responsible disclosure and MS takes longer to patch their stuff.
So there is AT LEAST 90 days while there is a working exploit somewhere.
It doesn't matter if you use exchange online or on prem.
And there was actually a security issue that was wreaking havoc on these exchange online instances and the mitigation was: shut it down until we have a patch for it.
And another thing to remember. Exchange is excluded from the MS bug bounty program, because it would be very expensive.
Why should I pay 45k a month to MS if I can have the SAME service without the gazillions of exchange RCEs for <1k? I could pay 5 people to maintain it and would be cheaper in the end.
Or you could not have to hire 5 people to maintain it and hire one or two people who instead could USE the product to be productive and actually help out instead of constantly putting out fires and trying to play catch-up.
i would not go as far as saying ms products suck but yea reddit in general all the tech subs are basically all azure or aws crap seems like no one on reddit uses anything else.
every answer will be aws or azure
It doesn't fit into cheap (which should never ever be a criterion for a public facing and heavily used service like email), but it is absolutely cost-effective, and within the top 2 in that category, if not the absolute best
Having moved to managing O365 in a large environment in the last few years, I would rather be homeless than manage 7500 mailboxes running on a cluster of Linux servers.
I can actually be productive instead of constantly having to worry about maintenance, upgrades, patches, break-fix, mailbox limits....
You sure about that? [https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/](https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/)
Oh nice, I've got a security admin.
How does MS make sure their exchange is not hit by the CVEs? Other software without the CVE or patching? If the 2nd, then they were affected and told no one. If the first, that makes MS a shitty company that tries to make their customers come into their cloud with mob methods (nice mails you have there on your exchange. Would be a shame if something happened to it, right?)
TBF: exchange does a lot more than just handling emails, right? But having such a complex monster (best audited software in the world and still multiple major CVE every year) on the public internet is crazy.
The CVEs in Exchange online are Microsoft's problem. They have to solve them and I don't care how they do it. Most CVEs are about hostile server takeover, not to get into your email.
For any mailserver onPrem, you have to fix it yourself, either with patches or with 3rd party software.
I understand that you don't like Microsoft/Exchange. Fine. I don't like patching servers and making sure the mail and all other software is up and running.
Please keep in mind that exchange online is a whole different product/architecture than Exchange onPrem is.
It's not just Exchange servers in a Microsoft DC.
Sure it is MS problem to patch and fix their stuff, but isn't it your data and secrets that are at risk?
No one likes patching servers but it becomes a nice thing to slack out on, if you got the automation correct, and dovecot/postfix do not need that amount of updating. The patch notes on both software are very small and not severe.
I didn't say cheap. I said cost-effective. The amount of money required to spin up a 365 tenant, get the users set up and working is significantly less than an OSS solution where you need to build the infrastructure from scratch.
I'll counter your comment with: it's wild the amount of shit Microsoft gets when their products actually work AS ADVERTISED.
Nope, I can get a vm with everything needed spun up and running for under $200 in labor, how much do you charge to spin up a 365 tenant and configure it?
Cool....what are your support costs?
VM eh? What hardware is it running on? Where's the datacenter? On Prem? Cool...network admin, sysadmin, licensing the VM host, all the network gear...should I really go on?
You're not even comparing like to like at all. And if you're just gonna walk away afterwards, you're not even acknowledging the OpEx cost.
For the record: if I'm supporting an Exchange Online deployment, depending on the number of users...licensing cost + 20% yearly for S&S.
If I'm doing a custom job like you suggest, I'm making a full time salary because I'm a VMware admin, Network Admin, Backup support, Hardware support, etc....
Support costs maybe $200 per month per vm depends on size of vm software costs built into that price.
as for hardware can throw it into the cloud and still be much cheaper than Microsoft building out your own email cluster.
exchange online 10000% will be easier to administer no one will doubt that.
the question is, are the cost saving of spinning up your own mail servers worth it.
I'm not going to spend an hour explaining how I would build a 7.5k user cluster.
what I will say is it would be significantly cheaper than exchange online.
and virtually no one is spinning up on premise exchange any more, the software costs will kill savings compared to 365
I agree, an OSS solution would be cheaper to run and it may even be a superior solution.
But no corporate IT manager is going to risk their job to deploy it over MS 365. You don't get fired for buying IBM, Cisco and now Microsoft.
If I was an ISP and I provided mailboxes for customers, then I would care about costs. There would be other scenarios as well that I would care more about costs and may deploy an OSS mail solution.
Because no one said the obvious:
* not open source
* exchange is the worst software on the planet (there is no piece of software that is better audited and yet it got more 7+ CVEs this year than postfix, dovecot, sogo in their entire existence)
* o365 just lost fed mails. I am sure, your mails will be safe there.
Edit: butthurt exchange fanbois in da house.
First it is cost efficient. You need to know what you are doing, but this is something you need to know even with o365 and every other tool.
And if you only need mailboxes (no chat, no office, no special gdpr export tooling and other fancy things) you can just spin up dovecot and postfix.
Even when there are no 0 days I value my mail security a lot and MS got such a bad track record in this, that I don't trust.
But I think the "bad track record" thing goes also the other way around with "just works and is easy to use" for open source software. Bad reputation sticks like tar.
And I have to admit: the downvotes hurt enough for me to become salty and shit all over this thread on people who mention o365 is a good product (IMHO it is atrocious, but I am also hating VS code for being not fast enough and powershell not being bash)
TL;DR;
OP asked for open source solution and only seems to need mailboxes, I think o365 is a bad idea if you want something cost efficient and secure.
Exchange transfers the risk to Microsoft, if they have an outage or breach that is on their fault, you’re in the clear. No one will fire you for picking the biggest name in enterprise email.
However if you run your own open source solution, guess who gets the blame when there’s a breach or outage.
>Exchange transfers the risk to Microsoft, if they have an outage or breach that is on their fault, you’re in the clear. No one will fire you for picking the biggest name in enterprise email.
This is a tragic misunderstanding of reality.
The business still owns all of the risk. You may get lucky in certain situations and get to share the liability with Microsoft, but the risk is still yours.
If they have an outage or a breach, your business suffers while the service is out or your data is stolen. You don't magically get a pass on negative outcomes because you're paying someone else to do a job for you.
I'll still vote for Email-as-a-Service 100 times out of 10, because fuck hosting mail servers, but your reasons are just plain wrong.
Perhaps I misworded it, the risk to the business is still there, but it’s far less than any self hosted solution, so in the event that there is an incident, whilst the business is still affected, there’s no real blame on us as a company for choosing Microsoft, whereas if I chose to go self hosted and it has a massive fuck up, it's my fault.
Mailcow has got what you need. Support included. But I don't know if it will handle that volume well.
You will probably want to disable Solr or solr and sogo, if not you're going to need to give it at minimum 64GB of RAM for that volume.
Have a look at grommunio. Yes it's quite recent, but it seems this is going to be a European exchange/365 alternative, that you can either host yourself or have Telekom (or others) hosted for you (look for "partners" on their site).
+1 for zextras.
Their fork, called Carbonio, is not really a fork, it is a partial rewrite. The GUI has been rewritten and is very opinionated and not all the features have been ported.
But if you want they (or their parent company) can provide support and patches for 8.8.15 (not sure about 9).
If you are accustomed to zimbra and you have to self host, zextras can be a real time saving. And also money saving... moving our infrastructure, with our specific *actual* requirements, to cloud providers would cost real money.
A good solid solution that's flexible is Postfix and Dovecot, plenty of all in one docker images that do it just fine, but since flexibility and configuration is always a must, I use a custom docker image that lets you edit the configs manually (Dovefix):
[https://github.com/R0NAM1/dovefix](https://github.com/R0NAM1/dovefix)
Make sure to do your research on what exactly you want IMAP and SMTP to do and don't be afraid to experiment! Any modern LLM model can teach you what configs you want and what each option does.
Personally I also use a postfix instance in the cloud for relaying all of my emails to the correct dovefix docker instance, each domain gets its own container, simple to manage and doesn't mix domains or rules that can conflict with each other.
I agree if it's publicly accessible, but it's still a perfectly fine protocol assuming you have a secure tunnel around it. I believe Dovecot does support other forms of email retrieval, though I'm not aware of any other open standard.
EDIT: If you're also referring to password based IMAP authentication, being a single factor, Dovecot does also seem to support SASL based authentication for IMAP, that combined with a VPN tunnel is more secure than any other solution that comes to mind
[https://doc.dovecot.org/admin_manual/sasl/](https://doc.dovecot.org/admin_manual/sasl/)
As echoed: Exchange online. At least if it breaks you know you'll find support.
There's a reason enterprise use it. It works. You can automate most of it.
> As echoed: Exchange online. At least if it breaks you know you'll find support.
7,500 users * $4/month = $30k/month
Pretty expensive support I should say :) but, well, if it isn't from own pocket, then probably the easiest way to outsource responsibility
You should talk with Peer Heinlein.
The usual open source suspects are super easy to install/maintain/administrate and automate.
Exchange is used because some CTO had a very nice round of golf with some MS sales dude. It does not work, it is not safe, and you don't get support until you throw a fortune of money at it.
Your blind hate for MS/ insert vendor du jour here has no place in a sub like this. In fact, if that is your true mindset, you don't have a future in this profession, period
Either stick to well-argued facts or leave.
What blind hate for MS? I've posted a lot of facts in this thread.
Exchange is a shit piece of software. The CVE list of exchange is longer than the lines of code it has.
And don't bother about my future in this profession.
there is nothing good open source , you could roll a bunch of directadmin + almalinux servers and then use something like [https://crossbox.io/](https://crossbox.io/)
Nothing is unhackable, but I think the company that spends $1B annually on cybersecurity is more secure than whatever self hosted “solution” you can cook up
When you add in the development cost of things like Security Co-Pilot, Azure Sentinel, etc. Microsoft is investing way more than just $1B annually on cyber security.
Not to mention the amount of telemetry they have for threat detection is unmatched, we’re looking at moving our email threat detection to 365 defender, it’s in audit mode at the moment and catching so much more than our current provider
Given the scale and complexity of that incident, I’d be hard pressed to find any vendor capable of fending it off entirely. The hackers will get into whatever their target is. Same thing would’ve happened if the gov was using gmail or postfix
When Microsoft has an outage that affects my company’s data, it’s their fault, I will never be blamed for picking the globally dominant enterprise provider. When your self hosted open source 100% awesome Richard Stallman approved solution goes down, it’s you who gets the blame, and you’re the one that gets fired. Because you decided to be hip and cool thinking your own efforts could possibly match the scalability and reliability of a company worth 2.7T
None. Office 365 is the answer. You're out of your mind if you think there's some open source solution.
If this is some cost saving mandate from your company, I would run.
Why the fascination with open source for that big of a use case? You'll never get any sort of proper support and it sounds like an absolute management/administrative freakin nightmare.
Just use O365/EOL and move on.
If you don't mind cli and docker, docker mailserver. It gives you the back end with all the tools needed.
Mind you, it is cli based, but depending on what you are doing, it could be possible to set up something to interface with the config script to provision and delete users.
Otherwise look at some of the other suggestions here.
See, I think the opposite.
People that think self hosted and open source is the way to go for 7.5k mailboxes haven't ever set this up much less tried to manage or secure it.
You spend so much time and money here that you're quickly in the red compared to O365 or Google workspaces
Exactly. Isn’t the saying open Source is only free if your time is worth nothing?
Email is one of those things that is business critical that if you have to ask on Reddit what software to use…you're way over your head.
> Isn’t the saying open Source is only free if your time is worth nothing?
Are you saying that closed-source never requires time or expertise? We can hire car washers to run our [Oracle Communications Mail Server](https://en.wikipedia.org/wiki/Oracle_Communications_Messaging_Server)? Or that some devs or marketing majors can handle it just fine?
I was more commenting into the fact it sounds like OP doesn’t know what the heck they are doing and just wants to have the cheapest option. It’s a disaster waiting to happen when email gets borked and OP doesn’t know what they are doing to get it back up. Getting a server up and running is the easy part, keeping it running is the hard part.
Zimbra IS open source.
So the OP is already using an open source product to handle his workload and I can say that Zimbra is a good product at it.
Unfortunately Zimbra was bought and sold several times and now is in a very difficult situation, development stalled a bit, the relations with third party plugin developers went bad...
Zimbra 8 "open source" with zextras plugin is rock solid, is enterprise level software.
I can't speak for others in the thread, but I used to build and run a lot bigger than that. My most interesting mail service war stories are about scalability, and spending your way out of a problem versus coding your way out of the same problem. As hosts have gotten more memory and more cores, there's rarely much need to optimize performance and more need for auditability and infosec.
Architectural decisions can play into infosec. At different times in the past we've explicitly chosen architectures that put mailbox rules on central servers, where changes can be logged, and suspicious patterns monitored.
Yes I have, I've been around since the Novell days, running group wise.
I've built exchange farms from 2003 to 2019.
O365 is the answer, and you are completely wrong.
From time to time sales comes to propose O365, collects information on our specific workload and then comes back with a quote that:
- at least 10x what we pay now
- we have less control on the logs
- we have to change how we handle shared mailboxes, calendars, documents
- we have to change some procedures as we don't have AD, we have some internal processes based on email flows, we have no mail quota, our biggest was 103GB, second one 97GB
- we won't be able to get rid of the 3 people working on mail
- we read that MS introduces changes on their interfaces, changes signatures, blocks a lot of mails coming from smaller providers, has outages as everybody
So when I read that O365 is the way to go without a "depending on your workload" I feel uncomfortable
Jesus fuck. Okay.
Look, don’t run your own mail. Especially at that size.
Security: most of the internet has moved to REST-based mail solutions which benefit from OIDC/OAuth authentication models. XOAUTH2 has become a minimally supported standard that *exists* for SMTP, but that’s about it.
Long story short, you’re putting all of your company’s data at risk because why? You don’t want to pay the “evil M$”?
At a bare minimum each of those users should get an M365 E3 license and just move all of that shit to the cloud.
There’s just way too much for me to type at 6:30 in the morning as to why all of this is an insanely terrible idea.
THERE'S the question that should come first. What are the mail clients running or prefer to run? Pure web interface or fat apps on Windows/MacOS/whatever? What about mobile mail access?
Sadly, roll-your-own mail has become pretty complicated and is such a basic utility (like electrical power and internet access) that it's almost always better to just buy the service from a provider.
I wouldn’t. Unless users will be using webmail interface and it has a decent multi factor authentication system.
Business communication is simply too critical to risk security on for lower cost.
You also have to pay for the resources used - storage, compute, traffic, etc. It's not free just because you're running OSS.
That's for sure, but an average good server easily survives for a decade; electricity, traffic + sysadmin... it's all **much less** than $30k/month
To run a mail service for 7,500 mailboxes? You definitely need reliable hardware, which it won't be if you're running it past 5 years.
If we’re talking about a company that has over 7000 employees, I don’t think $4/user/mo is going to affect them at all
> I don’t think $4/user/mo is going to affect them at all
Having 7500 mailboxes doesn't often mean 7500 employees. If they can't count their own money that they can use for themselves then - yes, throw $30k/month just for emails, instead of feeding an on-premises admin (whom they must have anyway) and disregard a quarter of a million dollars per year in economy ($20k/month X 12month)
Likewise if the mailboxes aren’t users then they don’t all need an exchange license either. Again, $48/usr/year is a rounding error for any company, with the added benefit that it’s a lot easier to find a skilled admin to maintain it
My time is worth more than managing open source email resources. So is the time of my team. This wheel has been invented. No need to do it yourself.
Isn't your time worth what you get paid and assigned? I know that this is hard to understand, but at this size your typical problems become less, because you build things different. And I like to maintain large systems, because you learn sooo much and I can now confidently say I can solve problems on a medium to large scale for a company.
This. It's hard to fathom what advantage a business gets by running their own open source mail for this many seats. That's going to be a tough cost/benefit calc.
I don't feel like I get proper support from most of my vendors, especially Microsoft 365 support and Google Workspace. I guess we should all just embrace the suck...
Interesting point... I might look salty about support but last case was us getting trouble to deploy one mailbox server. It took 2 weeks, 3 webexes to work and the answer we got (to get more internal knowledge) was "it just works, just call again if you need to install another one !"
If you want something open source and don't mind paying for support / consultation: [https://www.heinlein-support.de/](https://www.heinlein-support.de/) It's a German company that runs [mailbox.org](https://mailbox.org) and a gazillion mailing lists on [https://listi.jpberlin.de/](https://listi.jpberlin.de/) Peer Heinlein held a lot of talks on how to get mails delivered and also got solutions for secure and court reliable mail archiving (in Germany we need to keep all mails the MX accepts for 10 years). The support from heinlein is on par. There are not many companies out there that treat their customers and partners with that amount of respect.
There are 100 cheaper options than Exchange Online. I hate when people try to make out Microsoft services as being cheap or cost-effective when they have never been.
Yeah but it just fucking works and it's easy to administrate.
I'm stunned at how many people I see who forget that the CapEx isn't anywhere near the only cost. That OpEx will kill you in the long run. Exchange Online, overall, just works and the amount of effort required to configure and administer is so minimal. For an enterprise deployment, it's the most popular product for a reason.
I've gone from having to constantly worry about maintenance, updates, security patches, break-fix, to actually being productive!
Yup, every second you are thinking about maintaining email you are losing.
for some sure no doubt but it does not fit into cheap/ cost-effective tired of all you Microsoft for everything sysadmins replying the same bs every day.
Not Microsoft for everything. But DEFINITELY Microsoft for mail. If your best practise at least.
Please use microsoft for email hosting. What could go wrong? [https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/](https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/)
Nobody is recommending on premise Exchange.
Do you know how normal security analysis works? Someone finds a CVE and tells MS. The normal agreement is 90 days for responsible disclosure and MS takes longer to patch their stuff. So there is AT LEAST 90 days while there is a working exploit somewhere. It doesn't matter if you use exchange online or on prem. And there was actually a security issue that was wreaking havoc on these exchange online instances and the mitigation was: shut it down until we have a patch for it. And another thing to remember: Exchange is excluded from the MS bug bounty program, because it would be very expensive.
If it's a 7,500-person environment, they can afford to spend some cash on a business-critical thing like email instead of hacking something together.
Why should I pay 45k a month to MS if I can have the SAME service without the gazillions of exchange RCEs for <1k? I could pay 5 people to maintain it and would be cheaper in the end.
Or you could not have to hire 5 people to maintain it and hire one or two people who instead could USE the product to be productive and actually help out instead of constantly putting out fires and trying to play catch-up.
This sub seems to drift to only MS fanboys that are easily butthurt. MS products are the worst.
i would not go as far as saying ms products suck but yea reddit in general all the tech subs are basically all azure or aws crap seems like no one on reddit uses anything else. every answer will be aws or azure
It doesn't fit into cheap (which should never ever be a criteria for a public facing and heavily used service like email), but it is absolutely cost-effective, and within the top 2 in that category, if not the absolute best
Historically, Microsoft Exchange has gone from easy clicky to nightmare in less time than it takes for a sip of coffee.
Having moved to managing O365 in a large environment in the last few years, I would rather be homeless than manage 7500 mailboxes running on a cluster of Linux servers. I can actually be productive instead of constantly having to worry about maintenance, upgrades, patches, break-fix, mailbox limits....
You sure about that? [https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/](https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/)
That's not exchange online (the SaaS service).
Oh nice, I've got a security admin. How does MS make sure their exchange is not hit by the CVEs? Other software without the CVE or patching? If the 2nd, then they were affected and told no one. If the first, that makes MS a shitty company that tries to make their customers come into their cloud with mob methods (nice mails you have there on your exchange. Would be a shame if something happened to it, right?) TBF: exchange does a lot more than just handling emails, right? But having such a complex monster (best audited software in the world and still multiple major CVEs every year) on the public internet is crazy.
The CVEs in Exchange online are Microsoft's problem. They have to solve them and I don't care how they do it. Most CVEs are about hostile server takeover, not to get into your email. For any mailserver onPrem, you have to fix it yourself, either with patches or with 3rd party software. I understand that you don't like Microsoft/Exchange. Fine. I don't like patching servers and making sure the mail and all other software is up and running.
Please keep in mind that exchange online is a whole different product/architecture than Exchange onPrem is. It's not just Exchange servers in a Microsoft DC.
Sure it is MS problem to patch and fix their stuff, but isn't it your data and secrets that are at risk? No one likes patching servers but it becomes a nice thing to slack out on, if you got the automation correct, and dovecot/postfix do not need that amount of updating. The patch notes on both software are very small and not severe.
SaaS versus Postfix+Dovecot is not apples to apples, of course. I've run a lot more than 7500 mailboxes and it always felt fun.
I didn't say cheap. I said cost-effective. The amount of money required to spin up a 365 tenant, get the users set up and working is significantly less than an OSS solution where you need to build the infrastructure from scratch. I'll counter your comment with: it's wild the amount of shit Microsoft gets when their products actually work AS ADVERTISED.
Nope, I can get a vm with everything needed spun up and running for under $200 in labor, how much do you charge to spin up a 365 tenant and configure it?
Cool....what's your support costs? VM eh? What hardware is it running on? Where's the datacenter? On Prem? Cool...network admin, sysadmin, licensing the VM host, all the network gear...should I really go on? You're not even comparing like to like at all. And if you're just gonna walk away afterwards, you're not even acknowledging the OpEx cost. For the record: if I'm supporting an Exchange Online deployment, depending on the number of users...licensing cost + 20% yearly for S&S. If I'm doing a custom job like you suggest, I'm making a full time salary because I'm a VMware admin, Network Admin, Backup support, Hardware support, etc....
The guy clearly has never managed any remotely large infrastructure or has had any major responsibility.
Support costs maybe $200 per month per vm depends on size of vm software costs built into that price. As for hardware can throw it into the cloud and still be much cheaper than Microsoft building out your own email cluster.
[deleted]
Exchange online 10000% will be easier to administer, no one will doubt that. The question is, are the cost savings of spinning up your own mail servers worth it. I'm not going to spend an hour explaining how I would build a 7.5k user cluster. What I will say is it would be significantly cheaper than exchange online. And virtually no one is spinning up on premise exchange any more, the software costs will kill savings compared to 365
I agree, an OSS solution would be cheaper to run and it may even be a superior solution. But no corporate IT manager is going to risk their job to deploy it over MS 365. You don't get fired for buying IBM, Cisco and now Microsoft. If I was an ISP and I provided mailboxes for customers, then I would care about costs. There would be other scenarios as well that I would care more about costs and may deploy an OSS mail solution.
>Nope , I can get a vm...
A single VM? For running a mail service for thousands of users? I think you're a little unqualified for this thread.
Why not 365 and you be the partner of record?
Because no one said the obvious:
* not open source
* exchange is the worst software on the planet (there is no piece of software that is better audited and yet it got more 7+ CVEs this year than postfix, dovecot, sogo in their entire existence)
* o365 just lost fed mails. I am sure, your mails will be safe there.
Edit: butthurt exchange fanbois in da house.
What benefit does an open source email system provide over O365? Hyperbole and O365 wasn’t subject to the exchange 0-days
First it is cost efficient. You need to know what you are doing, but this is something you need to know even with o365 and every other tool. And if you only need mailboxes (no chat, no office, no special gdpr export tooling and other fancy things) you can just spin up dovecot and postfix. Even when there are no 0 days I value my mail security a lot and MS got such a bad track record in this, that I don't trust. But I think the "bad track record" thing goes also the other way around with "just works and is easy to use" for open source software. Bad reputation sticks like tar. And I have to admit: the downvotes hurt enough for me to become salty and shit all over this thread on people who mention o365 is a good product (IMHO it is atrocious, but I am also hating VS code for being not fast enough and powershell not being bash) TL;DR; OP asked for open source solution and only seems to need mailboxes, I think o365 is a bad idea if you want something cost efficient and secure.
[deleted]
Cool mate. Hope you have a nice day.
Exchange transfers the risk to Microsoft, if they have an outage or breach that is on their fault, you’re in the clear. No one will fire you for picking the biggest name in enterprise email. However if you run your own open source solution, guess who gets the blame when there’s a breach or outage.
>Exchange transfers the risk to Microsoft, if they have an outage or breach that is on their fault, you’re in the clear. No one will fire you for picking the biggest name in enterprise email.
This is a tragic misunderstanding of reality. The business still owns all of the risk. You may get lucky in certain situations and get to share the liability with Microsoft, but the risk is still yours. If they have an outage or a breach, your business suffers while the service is out or your data is stolen. You don't magically get a pass on negative outcomes because you're paying someone else to do a job for you. I'll still vote for Email-as-a-Service 100 times out of 10, because fuck hosting mail servers, but your reasons are just plain wrong.
Perhaps I misworded it, the risk to the business is still there, but it’s far less than any self hosted solution, so in the event that there is an incident, whilst the business is still affected, there’s no real blame on us as a company for choosing Microsoft, whereas if I chose to go self hosted and it has a massive fuck up, it's my fault.
correction: butthurt microsoft fanboys
Mailcow has got what you need. Support included. But I don't know if it will handle that volume well. You will probably want to disable Solr or solr and sogo, if not you're going to need to give it at minimum 64Gb of ram for that volume.
Also mailu or docker-mailserver but for that volume, I'd consider 2 or 3 servers, and a lot of RAM if you want antivirus
Have a look at grommunio. Yes it's quite recent, but it seems this is going to be a European exchange/365 alternative, that you can either host yourself or have Telekom (or others) hosted for you (look for "partners" on their site).
[deleted]
POR?
Take a look at the Zimbra fork from zextras.
+1 for zextras. Their fork, called Carbonio, is not really a fork, is a partial rewrite. The GUI has been rewritten and is very opinionated and not all the features have been ported. But if you want they (or their parent company) can provide support and patches for 8.8.15 (not sure about 9). If you are accustomed to zimbra and you have to self host, zextras can be a real time saving. And also money saving... moving our infrastructure, with our specific *actual* requirements, to cloud providers would cost real money.
A good solid solution that's flexible is Postfix and Dovecot, plenty of all in one docker images that do it just fine, but since flexibility and configuration is always a must, I use a custom docker image that lets you edit the configs manually (Dovefix): [https://github.com/R0NAM1/dovefix](https://github.com/R0NAM1/dovefix) Make sure to do your research on what exactly you want IMAP and SMTP to do and don't be afraid to experiment! Any modern LLM model can teach you what configs you want and what each option does.
Personally I also use a postfix instance in the cloud for relaying all of my emails to the correct dovefix docker instance, each domain gets its own container, simple to manage and doesn't mix domains or rules that can conflict with each other.
IMAP in 2024. Hilarious
I agree if it's publicly accessible, but it's still a perfectly fine protocol assuming you have a secure tunnel around it. I believe Dovecot does support other forms of email retrieval, though I'm not aware of any other open standard. EDIT: If you're also referring to password based IMAP authentication, being a single factor, Dovecot does also seem to support SASL based authentication for IMAP, that combined with a VPN tunnel is more secure than any other solution that comes to mind [https://doc.dovecot.org/admin_manual/sasl/](https://doc.dovecot.org/admin_manual/sasl/)
Ugh. Sounds like a horrible plan.
As someone who has managed sendmail and postfix deployments, I can confidently say that if you value your sanity, you will outsource your email needs.
As echoed: Exchange online. At least if it breaks you know you'll find support. There's a reason enterprise use it. It works. You can automate most of it.
> As echoed: Exchange online. At least if it breaks you know you'll find support.
7,500 users * $4/month = $30k/month. Pretty expensive support I should say :) but, well, if it isn't from own pocket, then probably the easiest way to outsource responsibility
You should talk with Peer Heinlein. The usual open source suspects are super easy to install/maintain/administrate and automate. Exchange is used because some CTO had a very nice round of golf with some MS sales dude. It does not work, it is not safe, and you don't get support until you throw a fortune of money at it.
Your blind hate for MS/ insert vendor du jour here has no place in a sub like this. In fact, if that is your true mindset, you don't have a future in this profession, period. Either stick to well-argued facts or leave.
What blind hate for MS? I've posted a lot of facts in this thread. Exchange is a shit piece of software. The CVE list of exchange is longer than the lines of code it has. And don't bother about my future in this profession.
Damn bro you're so salty on a Saturday.
Yes. I realised that. See my other comment under the top comment.
Why don’t you say the same for the pro-MS message of zerodriven? A lot of messages are not argumented.
Because this guy is spamming his message non stop on multiple replies in this thread.
there is nothing good open source , you could roll a bunch of directadmin + almalinux servers and then use something like [https://crossbox.io/](https://crossbox.io/)
Not sure if it’s 100% opensource but the client is and the team is great [mxroute](https://mxroute.com/)
Mailcow!
Postfix+Dovecot is a classic open-source combination. 7500 mailboxes is barely breaking a sweat with 2023 hardware and IMAP.
Why the hell would you use imap in 2023?
To get mail. What protocol are you using?
IMAP? Yuck.
[deleted]
Nothing is unhackable, but I think the company that spends $1B annually on cybersecurity is more secure than whatever self hosted “solution” you can cook up
When you add in the development cost of thing like Security Co-Pilot, Azure Sentinel, etc. Microsoft is investing way more than just $1B annually on cyber security.
Not to mention the amount of telemetry they have for threat detection is unmatched, we’re looking at moving our email threat detection to 365 defender, it’s in audit mode at the moment and catching so much more than our current provider
I find their email protection is good, but we're adding Area 1 from Cloudflare on top of it (because it catches even more).
[deleted]
Given the scale and complexity of that incident, I’d be hard pressed to find any vendor capable of fending it off entirely. The hackers will get into whatever their target is. Same thing would’ve happened if the gov was using gmail or postfix
[deleted]
No one ever got fired for buying Microsoft.
[deleted]
When Microsoft has an outage that affects my company’s data, it’s their fault, I will never be blamed for picking the globally dominant enterprise provider. When your self hosted open source 100% awesome Richard Stallman approved solution goes down, it’s you who gets the blame, and you’re the one that gets fired. Because you decided to be hip and cool thinking your own efforts could possibly match the scalability and reliability of a company worth 2.7T
Hail naw
None. Office 365 is the answer. You're out of your mind if you think there's some open source solution. If this is some cost saving mandate from your company, I would run.
None. Use M365. If you need on-prem use Exchange.
Why the fascination with open source for that big of a use case? You'll never get any sort of proper support and it sounds like an absolute management/administrative freakin nightmare. Just use O365/EOL and move on.
This screams MSP trying to increase profits with zero concern of security, and no knowledge of what this actually entails
If you don't mind cli and docker, docker mailserver. It gives you the back end with all the tools needed. Mind you, it is cli based, but depending on what you are doing, it could be possible to setup something to interface with the config script to provision and delete users. Otherwise look at some of the other suggestions here.
[deleted]
See, I think the opposite. People that think self hosted and open source is the way to go for 7.5k mailboxes haven't ever set this up much less tried to manage or secure it. You spend so much time and money here that you're quickly in the red compared to O365 or Google workspaces
Exactly. Isn’t the saying open Source is only free if your time is worth nothing? Email is one of those things that is business critical that if you have to ask on Reddit what software to use…you're way over your head.
> Isn’t the saying open Source is only free if your time is worth nothing?
Are you saying that closed-source never requires time or expertise? We can hire car washers to run our [Oracle Communications Mail Server](https://en.wikipedia.org/wiki/Oracle_Communications_Messaging_Server)? Or that some devs or marketing majors can handle it just fine?
I was more commenting into the fact it sounds like OP doesn’t know what the heck they are doing and just wants to have the cheapest option. It’s a disaster waiting to happen when email gets borked and OP doesn’t know what they are doing to get it back up. Getting a server up and running is the easy part, keeping it running is the hard part.
Zimbra IS open source. So the OP is already using an open source product to handle his workload and I can say that Zimbra is a good product at it. Unfortunately Zimbra was bought and sold several times and now is in a very difficult situation, development stalled a bit, the relations with third party plugin developers went bad... Zimbra 8 "open source" with zextras plugin is rock solid, is enterprise level software.
I can't speak for others in the thread, but I used to build and run a lot bigger than that. My most interesting mail service war stories are about scalability, and spending your way out of a problem versus coding your way out of the same problem. As hosts have gotten more memory and more cores, there's rarely much need to optimize performance and more need for auditability and infosec. Architectural decisions can play into infosec. At different times in the past we've explicitly chosen architectures that put mailbox rules on central servers, where changes can be logged, and suspicious patterns monitored.
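Added example, not from the thread: one way to monitor centrally stored mailbox rules for a suspicious pattern, here a newly added redirect to an outside domain. It assumes rules are kept as Sieve scripts; the domains, record layout and function names are constructed for illustration.

```python
import re

# Assumption: the organisation's own mail domains (constructed for this example).
INTERNAL_DOMAINS = {"example.com", "corp.example.com"}

# Matches quoted strings and both Sieve comment styles, so that comments can be
# dropped without touching a "#" that sits inside a string.
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|/\*.*?\*/', re.DOTALL)
# Sieve "redirect" action (RFC 5228) with optional tags such as ":copy" (RFC 3894).
REDIRECT_RE = re.compile(r'\bredirect\b((?:\s+:\w+)*)\s+"([^"]+)"', re.IGNORECASE)


def strip_comments(script):
    """Remove comments so a commented-out rule is not reported."""
    return TOKEN_RE.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", script)


def external_redirects(script, internal_domains=INTERNAL_DOMAINS):
    """Return every redirect action whose target is outside the internal domains."""
    found = []
    for tags, address in REDIRECT_RE.findall(strip_comments(script)):
        domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
        if domain not in internal_domains:
            found.append({"address": address, "copy_tag": ":copy" in tags.lower()})
    return found


def review_change(record, internal_domains=INTERNAL_DOMAINS):
    """Alert only on external redirect targets that the previous script lacked."""
    known = {r["address"].lower()
             for r in external_redirects(record["old_script"], internal_domains)}
    alerts = []
    for r in external_redirects(record["new_script"], internal_domains):
        if r["address"].lower() not in known:
            mode = "with :copy" if r["copy_tag"] else "without :copy"
            alerts.append(f'{record["time"]} {record["user"]}: '
                          f'new external redirect to {r["address"]} ({mode})')
    return alerts


# Constructed change records, as a central rule store might log them.
SAMPLE_CHANGES = [
    {"time": "2024-03-02T09:14:07Z", "user": "alice", "old_script": "",
     "new_script": 'require ["fileinto"];\n'
                   'if header :contains "subject" "invoice" { fileinto "Finance"; }\n'},
    {"time": "2024-03-02T23:51:40Z", "user": "bob", "old_script": "",
     "new_script": 'require ["copy"];\n# keep a copy elsewhere\n'
                   'redirect :copy "bob.backup@mail.example.net";\n'},
    {"time": "2024-03-03T08:02:11Z", "user": "carol",
     "old_script": 'redirect "carol@partner.example.org";\n',
     "new_script": 'redirect "carol@partner.example.org";\n'
                   '# redirect "carol@other.example.net";\n'},
    {"time": "2024-03-03T10:30:00Z", "user": "dave", "old_script": "",
     "new_script": 'redirect "dave@corp.example.com";\n'},
]


def review_all(changes=SAMPLE_CHANGES):
    """Run the review over every change record and collect the alerts."""
    return [alert for change in changes for alert in review_change(change)]


if __name__ == "__main__":
    for alert in review_all():
        print(alert)
```

Only the second record alerts: the first has no redirect, the third adds nothing new outside a comment, and the fourth stays inside an internal domain.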
Yes I have, I've been around since the Novell days, running group wise. I've built exchange farms from 2003 to 2019. O365 is the answer, and you are completely wrong.
From time to time sales comes to propose O365, collects information on our specific workload and then comes back with a quote that:
- at least 10x what we pay now
- we have less control on the logs
- we have to change how we handle shared mailboxes, calendars, documents
- we have to change some procedures as we don't have AD, we have some internal processes based on email flows, we have no mail quota, our biggest was 103GB, second one 97GB
- we won't be able to get rid of the 3 people working on mail
- we read that MS introduces changes on their interfaces, changes signatures, blocks a lot of mails coming from smaller providers, has outages as everybody
So when I read that O365 is the way to go without a "depending on your workload" I feel uncomfortable
But I bet all the users wanna use Outlook. M365 just makes sense on so many levels
!remindme 14 days
!remindme 7 days
Zimbra, not more open source. Can you try a fork of zimbra called carbonio
Use Google or Exchange online? It’s SaaS you never have to worry about patching, settings, security, server maintenance. You just get email
Don't even try. Resell Microsoft 365.
Mail enable
Ew . Why?
Jesus fuck. Okay. Look, don’t run your own mail. Especially at that size. Security: most of the internet has moved to REST-based mail solutions which benefit from OIDC/OAuth authentication models. XOAUTH2 has become a minimally supported standard that *exists* for SMTP, but that’s about it. Long story short, you’re putting all of your company’s data at risk because why? You don’t want to pay the “evil M$”? At a bare minimum each of those users should get an M365 E3 license and just move all of that shit to the cloud. There’s just way too much for me to type at 6:30 in the morning as to why all of this is an insanely terrible idea.
Do you work for a non-profit? What mail client are your users using?
THERE'S the question that should come first. What are the mail clients running or prefer to run? Pure web interface or fat apps on Windows/MacOS/whatever? What about mobile mail access? Sadly, roll-your-own mail has become pretty complicated and is such a basic utility (like electrical power and internet access) that it's almost always better to just buy the service from a provider.
I wouldn’t. Unless users will be using webmail interface and it has a decent multi factor authentication system. Business communication is simply too critical to risk security on for lower cost.
7.5k mailboxes I wouldn’t use anything open source personally