Mail Server Series — Part 19

Throughout Parts 1–18, we built a complete enterprise-grade Docker mail system, including:

• Postfix (SMTP)
• Dovecot (IMAP/LMTP)
• Amavis + SpamAssassin + ClamAV
• SQL Bayes + TxRep + Remote Learning
• Piler (email archiving & auditing)
• Manticore (Chinese full-text search)
• Roundcube Webmail
• HTTPS reverse proxy + SNI + Let’s Encrypt auto-cert management

In this article, we focus on a critical topic:

How to operate, monitor, and optimize this mail system for stable long-term production use

This includes:

• Daily/weekly/monthly maintenance routines
• Troubleshooting SOP
• Monitoring and alerting design
• Performance tuning
• Security hardening recommendations

---

1. Daily Routine Checks

Estimated time: 5–10 minutes per day.

---

1.1 Check Postfix Mail Queue

docker exec postfix mailq

Watch for:

• Large number of Deferred mails → DNS / network / RBL issues
• Queue size grows constantly → Amavis/SA bottlenecks

---

1.2 Verify Amavis / SA / ClamAV Health

SpamAssassin:

docker logs --since=5m spamassassin

Amavis:

docker logs --since=5m amavis

ClamAV:

echo PING | nc 127.0.0.1 3310

Got PONG → OK.

---

1.3 Dovecot Authentication and IMAP Status

docker logs --since=5m dovecot

Common issues:

Error	Meaning
auth failed	Wrong password / DB mismatch
timeout	Firewall or packet filtering
quota exceeded	Mailbox needs expansion

---

1.4 Piler Archiving Health

docker logs --since=10m piler

Check:

• Manticore indexing success
• Messages correctly written to /var/piler/store

---

1.5 SSL Certificates Validity

docker exec wwwapp certbot certificates

Renew manually if needed:

docker exec wwwapp certbot renew

---

2. Weekly Checks

---

2.1 Verify Backup Status

Check:

• MariaDB dump
• vmail folder syncing
• Piler store growth
• Offsite backup (NAS/S3)

---

2.2 SpamAssassin Weekly Rule Update

docker exec amavis sa-update
docker exec amavis sa-compile

---

2.3 Manticore Search Performance

mysql -h manticore -P 9306 -e "SELECT COUNT(*) FROM piler1"

If slow:

• Clean binlogs
• Reduce unnecessary indexed fields
• Check IOPS

---

3. Monthly Maintenance

---

3.1 Mailbox Size Report (Dovecot)

du -sh /opt/docker/mail/dovecot/usermail/* | sort -h | tail

Abnormal growth may indicate:

• IMAP client re-download loops
• Large attachment storage

---

3.2 Check RBL / Blacklist Status

Use:

• https://mxtoolbox.com/blacklists.aspx
• https://multirbl.valli.org/

If blacklisted:

• Check compromised accounts
• Check abnormal SMTP traffic
• Check SPF/DKIM/DMARC compliance

---

3.3 Piler Search Consistency Audit

Randomly select 3 users:

• Compare IMAP mailbox
• Compare Piler archive

They must match.

---

4. Performance Tuning (Biannual Recommended)

---

4.1 Postfix Tuning

Increase mail concurrency

default_process_limit = 200
smtpd_client_connection_count_limit = 20

Enable DNSSEC support

smtp_dns_support_level = dnssec

---

4.2 Amavis Tuning

$max_servers = 4;

Rule of thumb:
2 CPU cores → 1 Amavis child process

---

4.3 SpamAssassin Optimization

Disable heavy plugins:

• FreeMail
• HashBL
• URIDNSBL

This reduces CPU usage by 30–40%.

---

4.4 ClamAV Tuning

MaxThreads 6

Matches 4–8 CPU systems well.

---

4.5 Dovecot Tuning

Enable cache prefetch:

mail_prefetch_count = 20

Optimize indexes:

mail_index_lazy_writing = yes

Roundcube becomes significantly faster.

---

4.6 Manticore Tuning

You are already using:

• RT index
• 2-char ngram
• ICU Chinese tokenizer

Keep:

rt_flush_period = 300

Increase to 60 if archive grows rapidly.

---

5. Monitoring Architecture

You can use:

• Prometheus + Grafana
• Zabbix
• Netdata
• N8N webhook alerts

---

5.1 SMTP Monitoring

Metric	Meaning
Mail queue size	SA/Amavis bottleneck? DNS issue?
Bounce rate	Blacklisting or DMARC fails
Port 25/587 availability	ISP or firewall blocking?

---

5.2 IMAP Monitoring

Metric	Meaning
Login latency	Dovecot I/O issue
Failed logins	Password brute force
Session count	Possible attack

---

5.3 Amavis / SA

Metric	Meaning
Messages scanned/min	Capacity planning
CPU load	Too many rules?

---

5.4 ClamAV

Metric	Meaning
clamd PING latency	>200 ms = overload
freshclam updates	Virus DB freshness

---

5.5 Piler / Manticore

Metric	Meaning
Index latency	Manticore performance
Archive ingestion rate	Unexpected spikes?

---

6. Security Operations (SecOps)

---

6.1 Brute Force Protection

Solutions:

• Fail2ban
• iptables rate limiting
• Firewall throttling

---

6.2 SPF/DKIM/DMARC Compliance

Verify after each major configuration change:

https://mxtoolbox.com/dmarc.aspx

---

6.3 TLS Score

Check SSL Labs:

https://www.ssllabs.com/ssltest/

Aim for A+ grade.

---

6.4 PostfixAdmin Security

Your setup already follows best practices:

• Initialize setup
• Replace master password
• Remove setup script
• Mount config externally

---

7. Troubleshooting SOP (Complete Guide)

---

7.1 Outbound Email Fails

Check in order:

1. mailq
2. Postfix logs
3. Amavis logs
4. SPF/DKIM failures
5. RBL blacklisting
6. DNS lookup failures

---

7.2 Webmail Cannot Connect to IMAP

Most common cause = firewall.

Fix:

iptables -I INPUT -s 172.18.0.0/16 -d 172.18.0.1 -j ACCEPT

Symptoms:

• Roundcube: “IMAP connection broken”
• openssl s_client: unknown protocol

99% firewall.

---

7.3 Amavis Stops Processing

Check:

• ClamAV stuck
• SpamAssassin SQL unreachable
• /tmp full
• Permissions error

---

7.4 Piler Search Slow

Typical causes:

1. Large Manticore index
2. Fragmented Piler store
3. ngram misconfiguration

---

8. Summary

After Part 19, you now have complete operational mastery of your mail system:

✔ Daily operation routine

✔ Weekly & monthly maintenance

✔ Performance optimization

✔ Monitoring and alerting

✔ Security hardening

✔ Troubleshooting SOP

Your system is no longer just “working”—
it is production-grade, stable, and maintainable.