Date:      Mon, 12 Apr 2004 22:27:45 -0400
From:      Chris Shenton <chris@shenton.org>
To:        Cody Baker <cody@wilkshire.net>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: mail server recommendations?
Message-ID:  <86k70kd332.fsf@PECTOPAH.shenton.org>
In-Reply-To: <407B3285.4060006@wilkshire.net> (Cody Baker's message of "Mon, 12 Apr 2004 20:21:25 -0400")
References:  <407B1A06.4010308@telcom.net> <407B3285.4060006@wilkshire.net>

Cody Baker <cody@wilkshire.net> writes:

>     I put my personal recommendation in to qmail.  I have 10 + servers
> running qmail, some with 3000+ users.  We use vpopmail for a mysql
> based single UID/GID solution.  For POP3 access we're using the
> integrated qmail-pop3d, and courier-IMAP for IMAP.   Virus scanning /
> MIME-magic is done via qmail-scanner and clamscan.

I'm deploying a system for a client using qmail-ldap, openldap, and
courier-imap.  I plan on using sqwebmail for webmail. I've got
STARTTLS on SMTP and IMAP, and also offer SMTPS, IMAPS, and POPS. Nice
thing about this architecture is that you can have a handful of
MTA/IMAP/POP boxes all delivering to a shared NFS-mounted backend
mailstore -- very robust.

I've also installed a qmail + vpopmail-based system for an ISP and
it's been rock solid.  I didn't need to use MySQL for this but could
have -- or probably even LDAP for user accounts.

I use the qmail smtpd viruscan patch

  http://www.qmail.org/qmail-smtpd-viruscan-1.3.patch

to block all MS executables and have seen a dramatic drop in virii.
Simple: if an attachment's first line looks like a base-64-encoded
version of an MS executable, it's rejected; doesn't rely on
signatures, or purported suffixes, or forged mime-types, etc.

I haven't done anything but look at antispam solutions. Currently
looking at DSPAM and CRM114 as they seem to be quite effective (10x
human accuracy, they both claim).  But I haven't yet done anything
serious about integrating them, and haven't worried about per-user
configuration, quarantining, etc.  I'd be interested in what others have
used successfully.

Be careful if you're using SMTP AUTH, STARTTLS, or SMTPS and want to
use an external anti-spam/virus product: I haven't
found an antispam vendor yet that supports this, tho a couple have it
in the works.  If you integrate directly on your MTA boxes, it should
be less difficult -- once you figure out how to integrate them :-)

> I am particularly fond of qmail because once it's set up it's very
> easy to use, and is ROCK solid.

Absolutely. Nice not to worry about the frequent sendmail or less
frequent postfix security fixes. "It just works".  Not trying to
evangelize here, just switched from sendmail years ago and won't go
back.  Learning curve's a little steep, all the daemontools and
ucspi-tcp helper stuff but they do work better than the common
equivalents (syslog, inetd, etc).



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86k70kd332.fsf>
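
The first-line check described in the message above, as an added example that is not part of the original message and is not the code of the qmail-smtpd-viruscan patch. It assumes the test is "the first base64 line of a MIME part decodes to the MZ magic bytes of a DOS/PE executable"; the function names and the sample message are constructed for illustration.

```python
import base64
import binascii
from email import encoders, message_from_bytes
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

MZ_MAGIC = b"MZ"  # first two bytes of DOS/PE executables (.exe, .dll, .scr, ...)

def first_line_is_ms_executable(line: str) -> bool:
    """True if a base64 line decodes to bytes starting with the MZ magic."""
    quantum = line.strip()[:4]          # 4 base64 chars carry the first 3 bytes
    try:
        # Short or non-base64 input raises binascii.Error and is not a match.
        return base64.b64decode(quantum, validate=True).startswith(MZ_MAGIC)
    except binascii.Error:
        return False

def rejected_parts(raw: bytes) -> list:
    """Filenames of base64 parts whose first body line is an MS executable."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        if part.get("Content-Transfer-Encoding", "").strip().lower() != "base64":
            continue
        body = part.get_payload()       # still encoded: decode=False by default
        first = next((l for l in body.splitlines() if l.strip()), "")
        # Declared MIME type and filename are never consulted, only the content.
        if first_line_is_ms_executable(first):
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def build_sample() -> bytes:
    """Constructed message: one disguised executable, one harmless attachment."""
    msg = MIMEMultipart()
    msg.attach(MIMEText("see attached", "plain"))
    for name, mtype, data in [
        ("photo.jpg", ("image", "jpeg"), b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56),
        ("notes.bin", ("application", "octet-stream"), b"plain data, not a program"),
    ]:
        att = MIMEBase(*mtype)
        att.set_payload(data)
        encoders.encode_base64(att)
        att.add_header("Content-Disposition", "attachment", filename=name)
        msg.attach(att)
    return msg.as_bytes()

if __name__ == "__main__":
    print(rejected_parts(build_sample()))
```

The part named photo.jpg with type image/jpeg is flagged because only the encoded content is inspected. Any base64 part whose data legitimately begins with the bytes "MZ" is flagged as well.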