Design
RSS checks all the feature, device compatibility, performance, scale and security boxes, from the simplicity and maintainability needs of a small office to the administration requirements of a multi-location, multi-domain organization.
And it all ‘just works’, from setup to user and domain/site administration, using the provided GUI.
RSS provides the strongest possible security, which no cloud-based email provider can match: no message crosses the internet even one more time than absolutely necessary. When managed with RSS, a local message need never depend on every ISP, cloud provider and internet router having its security perfect all the time. Why? Because local messages are not forced to cross the net even once. Compare that to ‘cloud solutions’, which force each message to cross ‘the cloud’, with all the ‘black hat’ breach risks, each and every time it is not only sent but also reread. Even better, with RSS, your messages are not stored along with millions of others in high-value-target ‘data centers’, waiting for the next ‘mass’ breach made possible by an upset staffer or an error. Instead of having ‘all the eggs in one basket’, RSS securely stores each message in its own file in no fewer than three places within the same building, and allows spreading the risk even further by letting different company email domains reside in different company locations.
The smallest configuration supports hundreds of users via two dedicated email ‘virtual machines’ using fewer resources than a low-end laptop. Each email system runs on a different physical server, storing each message on not fewer than three different physical low-end servers, connected through a single internet service provider (without needing to pay the ISP for a ‘static IP address’, and with optional cell-phone hotspot Wi-Fi fail-over). The largest configuration supports thousands of users via 59 dedicated email servers running in each of 16 locations, each connected by up to 16 simultaneous internet service providers. And it is seamless to increase or decrease capacity.
So long as one internet service provider is working and one email server is working, email is working. Mail sent from one company location to another within the same organization is not only encrypted using the latest public email standards, but encrypted again in a fashion specific to each company.
RSS software configures, provisions, monitors and updates each email server ‘on the fly’, integrating each into the client communications fabric at each of these levels: site private, client multi-location shared, private VPN and public internet.
Highlights of mail subsystem capabilities and structural components are listed below.
This is ‘email in a box (or 59 boxes)’ — on steroids!
- Every internet domain an RSS customer chooses to support is automatically provisioned with these mail-related capabilities:
  - DKIM – DomainKeys Identified Mail: Since 2005, DKIM has provided a method for proving that the content of messages seemingly sent by an RSS system did indeed come from authorized systems.
  - SPF – Sender Policy Framework: Improved often since its release in 2002, SPF allows those receiving email sent by an RSS client to confirm the message was sent by an RSS server with a proven, documented internet address.
  - DMARC – Domain-based Message Authentication, Reporting & Conformance: an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email. Every RSS installation has an email address specifically designated to receive DMARC reports from participating organizations such as Google, Yahoo, etc.
  - Each RSS system has a ‘techadmin’ email address that receives daily reports of emails scanned, viruses detected, user log-ins and the like.
  - SMTP/S – “Simple Mail Transfer Protocol”: The internet standard method email servers use to exchange messages in both secure and open formats (RSS never sends email in insecure formats, but will accept it, as the specification requires). Implemented with extensive security, anti-virus, anti-malware and anti-spam subsystems, which are detailed in the Structure subsection of this website. RSS will not accept email other than for domains requested by RSS clients. Most users will not need to know about this capability.
  - Web Mail Access – Secure mail access from any browser. One of many features RSS provides using the Nextcloud Sync/Groupware subsystem. Launched in 2014 as OwnCloud. Nextcloud has over 36,000 server installations and over 100,000 client downloads.
- Mail users who employ mail reading programs or apps (other than web browsers) will interact with these industry-standard capabilities. The related technical details are usually ‘autodiscovered’ or automatically populated in users’ email programs such as Outlook, Thunderbird, Android, Apple, etc.:
  - IMAP/S – “Internet Message Access Protocol”: Provides secure access to email through programs such as Outlook, Thunderbird, Android, Apple, and many more. It is more popular than other formats and differs from them in that messages remain on the RSS servers and are accessible by several client devices at the same time. It is often the only method of reading email and managing folders that users are aware exists.
  - POP3/S – “Post Office Protocol”: Provides users secure access to their email, in much the same fashion as IMAP/S above. However, this protocol is generally used to transfer email to client reading systems without leaving a copy on the RSS server, meaning other devices the client may also own may not see a copy. Older and less used than IMAP, but still useful in some cases.
  - Email Submission – Users authorized by RSS client administrators supply a user name and password to send email. This is the standard secure way to cause the RSS servers to send email on behalf of users.
- Administrative Capabilities:
  - DNSSEC – Secure Domain Name System. Every email domain a client owns and gives RSS to manage is provisioned with secure numerical ‘keys’. When these keys are loaded into the client’s domain name registrar (a one-time task via GUI), it is possible for all to prove that RSS communications of any sort originate from the numeric internet addresses owned and controlled by the client, and not from some ‘hijacked’ or ‘spoof’ attempt.
  - User / Account maintenance. Using a GUI, an administrator can establish user names, primary and secondary email addresses for users, and more. Users can use the same interface to change their passwords. The interface is not available over the general internet, but only after secondary authentication via RSS’s RoadWarrior VPN or from within one of the client’s RSS locations.
- Integrated Subsystems:
  - Postfix – Mail Transfer Agent. Stability: Updated annually since 1999, exchanges 1 of every 3 emails crossing the web today. Security: Email that doesn’t need to leave the building stays in the building; email among company locations is double-encrypted in a per-company specific format. All legacy and recent formats supported. SMTP/S, Submission, TLS…
  - Dovecot – Interface for user mail readers, called ‘delivery agents’. Supports Outlook, OS X, Android, iPhone, Thunderbird, etc. Protocols: IMAP/S. Stability: More than 2.9 million active installations, first released in 2002.
  - Nextcloud – Secure mail access from any browser. One of many features RSS provides using the Nextcloud Sync/Groupware subsystem. Launched in 2014 as OwnCloud. Nextcloud has over 36,000 server installations and over 100,000 client downloads.
  - Spamhaus – Native integration with one of the most respected and largest anti-spam database clearinghouses, operating since 1998.
  - Amavis – Providing email sender DKIM whitelisting authentication and anti-malware, anti-spam and anti-virus email filtering services since 1997.
  - SQLgrey – Allows each company to fast-track (‘whitelist’) approved mail sources while discouraging repeated attempts by spam sources. Known since 2004 as ‘a greylisting policy server’. SQLgrey is enhanced by RSS’s email whitelist, which enables instant recognition of email sent by the largest 1,000 companies and the most visited 500 websites.
  - SpamAssassin – Improved every year since its 2001 release, SpamAssassin uses the latest techniques to generate a ‘spam score’ for incoming emails. Client systems can determine whether to discard, segregate, flag or accept messages based on the score.
  - ClamAV – Updated automatically every few days since its release in 2007, ClamAV ranks 12th out of 19 of the most used antivirus products. Removes upwards of 75% of known viruses from incoming mail.
  - Security Technologies – To avoid giving information to those with ill intent, RSS server installations at client locations have further security-related technologies which are documented only for admin users. However, other than as described publicly, nothing in RSS permits client data or metadata to leave the client’s installations.
- Foundational Subsystems:
  - FreeIPA – Multi-server, high-availability user authentication, authorization, policy, certificate and trust management systems. Among many other things, provides administrators and, optionally, users a GUI to manage accounts and passwords, set up email addresses and aliases, and more. Supports DNSSEC-secured company domain names and cross-trust agreements with Microsoft’s Active Directory.
  - Ceph – “The future of storage”. Updated annually since 2012. Among many other things, it stores each email in ‘future proof’ eml format in its own file, each copied on not fewer than three servers, only one of which need be operating to continue operations.
  - Nginx – Released in 2009, now in 2022 Nginx serves 1 in 4 of the busiest websites. Among other RSS multi-server services, Nginx supports the ‘Autodiscover’ feature allowing simple email client setup, and the Nextcloud system described above.
  - MariaDB/Galera – Highly available multi-server SQL database engine, provided in both site-local (secure, high performance) and intra-company (multi-location simultaneous updates) modes. Allows multiple email servers to share anti-spam and related information in real time. A successor to MySQL.
  - Host OS: Ubuntu LTS running on either ‘bare metal’ or virtual machine/KVM – Each RSS site supports not fewer than two simultaneously running email servers (scales to many more depending on hardware). Even should only one be running, email services will appear normal. Scales to thousands of users natively. All email functions are isolated in a virtual machine, both to protect the overall system from email breaches and to allow the installation of the latest email-related patches without concern for dependencies and incompatibilities in unrelated subsystems. The underlying Linux distribution for the email subsystem is Ubuntu. While ‘docker’ and related isolation technologies provide small speed advantages, virtual machine isolation remains the gold standard for security and is therefore the basis for RSS email.