Re: New Server Setup

From: Tony Earnshaw (tonnibilly.demon.nl)
Date: Sat Aug 02 2003 - 09:49:47 CDT


Murali Potla wrote:

> I am going to set up a new mail solution. I need your suggestions
> regarding this.
>
> I am going to use Red Hat Linux 9 as my server platform.
> It will be used by 200 employees now and it should be sizable to 500
> users.
>
> My server components
> Red Hat Linux 9
> Postfix 1.x / 2.x (MTA)
> Cyrus (IMAP/POP)
> OpenLDAP (Address Book)
> Squirrel Mail (web mail)
>
> Should I go for Postfix 1.x or 2.x? Is Postfix 2.x stable for
> production servers?

I've strong views on all of this, since I've tried all the above apart
from Postfix 1.1 - I leapt in at 2.0.10 or something. And OpenLDAP 2.1.4
or something.

Definitely Postfix 2.x. Keep to the latest. Compile your own. Don't
forget Berkeley 4.1.25, Cyrus SASL 2.1.13 or newer and OpenSSL 0.9.7b.

Cyrus IMAP/POP - no. Choose Courier. The latest Cyrus IMAP/POP is
extremely difficult to configure and demands all sorts of specialist
configuration. Courier is fast, flexible and will support many users,
even on remote mounts; will under normal conditions never corrupt mail.
Courier is not as easy as for example WU-IMAP to implement, but most
people can do it. WU-IMAP is brilliant and easy to implement, but can
corrupt mail under adverse conditions and has a number of disadvantages
(speed, file locking, file size, file locations.) Compile from tarball.

OpenLDAP: Yay! Not just for "Address Book," but for *all* user
authentication and authorization to do with Unix/Linux. Includes SMTP
AUTH (if you're clued up with CRAM- and DIGEST-MD5.) Includes logins,
network-wide authentication, Courier authentication -
*a b s o l u t e l y* everything. Includes all kinds of Postfix maps
which normally use Berkeley hash databases - and is the very heart of
your system. However, you'll need time and patience to get OpenLDAP - or
any kind of LDAP - working for you optimally. As with the above, use
the latest, stable 2.1.x OpenLDAP and compile your own.

Squirrel Mail: *NO*. I've tried Horde's IMP, Squirrel Mail and Courier
SQMail. SQMail is worst, Squirrel Mail is next-worst, IMP is more than
good - you can combine just about everything with whatever MUA you have
in your LAN. And obviously use an LDAP-based address book (Turba.)
Someone show me how you implement IMAP-based mail filters with Squirrel
Mail, for example? Someone show me how you implement .forward files when
you're in some Internet cafe in China or somewhere else? Or otherwise
manage your IMAP mail? IMP can do it all - and more - if you set it up
correctly. Use the latest stable. Horde CVS is always better, but will
give you hassle and cost you more time.

> Can anybody point me to documentation regarding this setup?

Nope. You dive in at the deep end and just do it. All the mailing lists
are more than good and the docs you learn along the way. Reckon on a
year or more's learning time, if you don't know anything yet.

> I also need to implement a spam blocker and anti-virus scanning on the server.

amavisd-new (the latest) with Postfix 2.x. Works fine with all of the
above. SpamAssassin (the latest) and Sophie/Sophos SAVI. The latter
(Sophos) costs money.

What I've recommended should be good right up to small ISP level. Cost
you *time* to implement, but the time's more than well spent.

Oh, even though you compile your own, install *everything* on Red Hat as
rpms. Find a util called checkinstall and use that to make rpms - it'll
surprise you.

Best,

Tony

--
Tony Earnshaw

http://www.billy.demon.nl
Mail: tonnibilly.demon.nl